heygen-translate

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user to paste their HeyGen API key and then embed it verbatim into a shell command (echo "<key>" | heygen auth login), which requires the LLM to handle and output secret values directly, creating a clear exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and HEAD-checks public HTTPS URLs for source videos in Phase 1 / Check 2b and downloads/inspects the media (the agent is told to "watch/listen to the first ~10 seconds"), and the proofreads workflow fetches and requires editing SRTs via presigned/public URLs (references/proofreads-workflow.md), so untrusted third-party content is ingested and directly influences configuration, decisions, and final renders.