Skills
skills/heygen-com/hyperframes/hyperframes-animation/Gen Agent Trust Hub

hyperframes-animation

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/package-loader.mjs implements a function bootstrapWithNpmInstall that uses the npm CLI to download and install packages from the public registry into a temporary directory.
  • [REMOTE_CODE_EXECUTION]: The package-loader.mjs utility uses node:child_process.spawnSync to execute the downloaded Node.js packages. This allows for the execution of code that was not part of the original skill package.
  • [COMMAND_EXECUTION]: The script scripts/animation-map.mjs utilizes the package-loader.mjs script to manage dependencies and executes Node.js processes on the host machine to perform its animation auditing tasks.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 14, 2026, 02:33 AM
Security Audit — agent-trust-hub — hyperframes-animation