website-to-video
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing content from arbitrary user-provided URLs.
- Ingestion points: Data enters the agent's context through
capture/extracted/visible-text.txtandcapture/extracted/asset-descriptions.mdafter thehyperframes capturecommand is executed. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the ingested text are specified in the provided reference files.
- Capability inventory: The skill has the capability to execute shell commands (
npx hyperframes), write files to the local system (compositions/*.html), and perform network operations via external TTS and Vision APIs. - Sanitization: The skill lacks explicit sanitization or filtering of the extracted website text before it is used to generate the storyboard and narration script.
- [COMMAND_EXECUTION]: The skill relies on executing various shell commands using
npx hyperframesfor project initialization, site capture, linting, validation, and rendering. These commands run with the permissions of the user environment. - [EXTERNAL_DOWNLOADS]: The skill facilitates data transmission to and from external services including ElevenLabs, HeyGen, and Google Gemini for text-to-speech, transcription, and image analysis. These are well-known services used for the skill's primary functionality.
Audit Metadata