hyperframes-registry
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches registry manifest and component assets from the official HeyGen GitHub repository at
https://raw.githubusercontent.com/heygen-com/hyperframes/main/registry. - [COMMAND_EXECUTION]: Executes the
hyperframesCLI tool for project operations includingadd,lint, andpreview. - [PROMPT_INJECTION]: Presents an indirect prompt injection surface by instructing the agent to download, read, and merge external HTML/JS snippets from the registry into the local project.
- Ingestion points: Component files installed to the
compositions/directory (documented inSKILL.mdandreferences/wiring-components.md). - Boundary markers: None present in instructions for merging snippets.
- Capability inventory: Includes file read/write operations and execution of CLI tools (
hyperframes). - Sanitization: No specific sanitization or validation of the downloaded snippets is performed before integration into host files.
Audit Metadata