heygen
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: All documented API interactions target official HeyGen domains, including api.heygen.com, upload.heygen.com, and heygen.ai, ensuring data is sent only to the intended service provider.
- [SAFE]: The authentication documentation correctly instructs users to store the HEYGEN_API_KEY as an environment variable and warns against exposing secrets in client-side code, aligning with industry security standards.
- [SAFE]: No obfuscation, data exfiltration patterns, or persistence mechanisms were found. The skill consists entirely of reference materials and code templates for legitimate video generation workflows.
- [SAFE]: Code examples for asset management include basic validation, such as checking for HTTPS protocols before fetching remote resources, which helps mitigate basic server-side request forgery (SSRF) risks.
Audit Metadata