hyperframes-media

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses credential files located at ~/.heygen/credentials and .env to authenticate API requests to the HeyGen media generation platform.
  • [EXTERNAL_DOWNLOADS]: Automatically installs necessary Python dependencies such as google-genai, transformers, torch, and numpy from official registries to support local audio processing and generation.
  • [COMMAND_EXECUTION]: Spawns subprocesses to execute ffmpeg and ffprobe for audio transcoding and metadata extraction, and uses python3 to run internal generation recipes.
  • [EXTERNAL_DOWNLOADS]: Connects to api.heygen.com to fetch voice metadata, perform text-to-speech synthesis, and download media assets.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external data from audio_request.json to drive AI generation.
  • Ingestion points: audio_request.json (prompt and query fields in audio.mjs).
  • Boundary markers: No explicit delimiters or instructions are used to separate untrusted user inputs from the system instructions sent to AI models.
  • Capability inventory: The skill has access to subprocess execution (python3), network requests (fetch), and file system operations (writeFileSync).
  • Sanitization: Inputs are stringified and embedded in JSON payloads or Python script templates without specialized filtering for adversarial instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 03:41 AM
Security Audit — agent-trust-hub — hyperframes-media