hyperframes-registry

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches registry manifest and component assets from the official HeyGen GitHub repository at https://raw.githubusercontent.com/heygen-com/hyperframes/main/registry.
  • [COMMAND_EXECUTION]: Executes the hyperframes CLI tool for project operations including add, lint, and preview.
  • [PROMPT_INJECTION]: Presents an indirect prompt injection surface by instructing the agent to download, read, and merge external HTML/JS snippets from the registry into the local project.
  • Ingestion points: Component files installed to the compositions/ directory (documented in SKILL.md and references/wiring-components.md).
  • Boundary markers: None present in instructions for merging snippets.
  • Capability inventory: Includes file read/write operations and execution of CLI tools (hyperframes).
  • Sanitization: No specific sanitization or validation of the downloaded snippets is performed before integration into host files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — hyperframes-registry