media-use
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation provides instructions to install the HeyGen CLI using a shell script downloaded from the vendor's official domain (static.heygen.ai). This is a standard deployment mechanism for the vendor's tooling and is considered safe within the context of the skill's authorship.
- [COMMAND_EXECUTION]: The skill uses the `execSync` function to interact with the `heygen` CLI for media searching and `ffprobe` for asset metadata extraction. User-provided intent strings are escaped during command construction to prevent shell injection.
- [EXTERNAL_DOWNLOADS]: Media assets are downloaded from HeyGen's content delivery network. These downloads are capped at 256MB to prevent resource exhaustion and utilize the user's provided API credentials.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected. The skill follows best practices for secret management by instructing users to use environment variables for API keys.