helios-skills

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill collection frequently instructs the agent to execute shell commands for development and production tasks. This includes installing packages via npm install, running the project's studio environment with npx helios studio, and performing video rendering via the CLI command npx helios render. Additionally, guided workflows include instructions to use ffmpeg for audio analysis (e.g., extracting BPM and beat timestamps in skills/guided/social-clip/SKILL.md).
  • [EXTERNAL_DOWNLOADS]: Several skills (e.g., skills/getting-started/SKILL.md, skills/guided/social-clip/SKILL.md) instruct the agent to download and install packages from the @helios-project NPM scope. These packages (@helios-project/core, @helios-project/renderer, @helios-project/cli, @helios-project/player) are central to the skill's functionality and are maintained by the skill's authoring organization.
  • [PROMPT_INJECTION]: The 'Guided Video Creation' workflows (found in skills/guided/) represent an indirect prompt injection surface because they ingest untrusted data and have significant execution capabilities.
      ◦ Ingestion points: Untrusted data enters the agent context in Step 1 and Step 3 of the guided skills, where the agent is prompted to research an external URL or analyze a repository's codebase to extract brand intelligence (e.g., marketing copy, CTA structure, design tokens).
      ◦ Boundary markers: Absent. The instructions do not define clear delimiters or provide 'ignore instructions' warnings for the researched content.
      ◦ Capability inventory: The agent has the capability to write and execute files (composition.html), install arbitrary NPM packages, and run shell commands via the Helios CLI and ffmpeg (across multiple guided SKILL.md files).
      ◦ Sanitization: Absent. There are no instructions for the agent to validate or sanitize the brand data before interpolating it into the creative specifications or the final composition code.
  • [CREDENTIALS_UNSAFE]: The guided skills require an ELEVEN_LABS_API_KEY for music generation. However, the skill follows good security practice by explicitly instructing the agent not to search for this key in .env files or verify it itself, and instead to ask the user to provide it in the environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 10:12 PM