heygen-translate
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes a command for installing the HeyGen CLI using a standard 'curl | bash' pattern from the official vendor domain (static.heygen.ai). This is a legitimate installation method for the required vendor software.
- [CREDENTIALS_UNSAFE]: The skill manages authentication by prompting the user for an API key and storing it via the official 'heygen auth login' command. This stores the token in the standard local path (~/.heygen/credentials) and follows best practices for tool authentication.
- [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute heygen CLI commands, curl, and ffmpeg. These are essential for its media processing and API interaction capabilities.
- [EXTERNAL_DOWNLOADS]: The skill interacts with external video URLs provided by the user. It includes a proactive security measure (HEAD-check) to verify that the target URL returns a valid video MIME type before further processing.
- [DATA_EXFILTRATION]: There is no evidence of unauthorized data transfer. Network operations are restricted to the official HeyGen API and the source video locations provided by the user.
Audit Metadata