website-to-video

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing content from arbitrary user-provided URLs.
  • Ingestion points: Data enters the agent's context through capture/extracted/visible-text.txt and capture/extracted/asset-descriptions.md after the hyperframes capture command is executed.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the ingested text are specified in the provided reference files.
  • Capability inventory: The skill has the capability to execute shell commands (npx hyperframes), write files to the local system (compositions/*.html), and perform network operations via external TTS and Vision APIs.
  • Sanitization: The skill lacks explicit sanitization or filtering of the extracted website text before it is used to generate the storyboard and narration script.
  • [COMMAND_EXECUTION]: The skill relies on executing various shell commands using npx hyperframes for project initialization, site capture, linting, validation, and rendering. These commands run with the permissions of the user environment.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates data transmission to and from external services including ElevenLabs, HeyGen, and Google Gemini for text-to-speech, transcription, and image analysis. These are well-known services used for the skill's primary functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 11:28 PM
Security Audit — agent-trust-hub — website-to-video