hyperframes-media
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses credential files located at
~/.heygen/credentialsand.envto authenticate API requests to the HeyGen media generation platform. - [EXTERNAL_DOWNLOADS]: Automatically installs necessary Python dependencies such as
google-genai,transformers,torch, andnumpyfrom official registries to support local audio processing and generation. - [COMMAND_EXECUTION]: Spawns subprocesses to execute
ffmpegandffprobefor audio transcoding and metadata extraction, and usespython3to run internal generation recipes. - [EXTERNAL_DOWNLOADS]: Connects to
api.heygen.comto fetch voice metadata, perform text-to-speech synthesis, and download media assets. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external data from
audio_request.jsonto drive AI generation. - Ingestion points:
audio_request.json(promptandqueryfields inaudio.mjs). - Boundary markers: No explicit delimiters or instructions are used to separate untrusted user inputs from the system instructions sent to AI models.
- Capability inventory: The skill has access to subprocess execution (
python3), network requests (fetch), and file system operations (writeFileSync). - Sanitization: Inputs are stringified and embedded in JSON payloads or Python script templates without specialized filtering for adversarial instructions.
Audit Metadata