talking-head-video

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute curl commands for interacting with the HeyGen API. This includes uploading binary assets to upload.heygen.com and submitting JSON payloads to api.heygen.com. These operations are fundamental to the skill's purpose.
  • [EXTERNAL_DOWNLOADS]: The skill uses WebFetch and Bash to retrieve content from external URLs, GitHub pull requests, and documentation pages. This data is used to provide context for video scripts and as background assets.
  • [DATA_EXFILTRATION]: The skill sends user-provided content and processed text to the HeyGen API to generate videos. While this involves sending data to an external service, it is the stated purpose of the skill and targets a well-known provider.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from the web (e.g., blog posts, changelogs, GitHub PRs) to generate scripts. This creates a potential vector for indirect prompt injection. 1. Ingestion points: SKILL.md (Step 2, Step 3, Step 3b) identifies URLs and external text as primary inputs. 2. Boundary markers: The instructions do not specify the use of delimiters when processing external content. 3. Capability inventory: The skill has access to Bash, Write, Edit, and WebFetch tools. 4. Sanitization: No explicit validation or sanitization steps are defined for fetched content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — talking-head-video