hyperframes
Audited by Snyk on Jun 19, 2026
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.85). The repo/spec contains explicit third-party network integrations (MiniMax TTS, Pexels, ideaflow) and an .env.example with plaintext API keys; this poses clear data-exfiltration and credential-leakage risk (sending user content and secrets to external services), though I found no obfuscated code, remote exec/backdoor stubs, or hidden eval patterns.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via the WeChat Article → Video workflow: the skill parses markdown extracted from a user-provided
https://mp.weixin.qq.com/...URL (outsider-authored article text) and then uses that content to generate narration/scene text that is fed into downstream LLM steps.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes an example that loads and executes remote JavaScript at runtime from the CDN (https://cdn.jsdelivr.net/npm/gsap@3.14.2/dist/gsap.min.js), which the composition relies on for GSAP animations, so this is a runtime external dependency that executes remote code.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the provided skill documentation for literal, high-entropy credentials. In the .env.example section there are two hardcoded values that match the definition of secrets (random-looking API keys):
- minimax-key=sk-api-u7DlDQ8T0h6GEGa4bCY7-7OlMibL8JAz9M4rMjwTRxSfJ-x4gZptG-1sS2lDPulgmgPkmCx4JNEE8c9rlK3CGiBZlUo6s
- Reason for flagging: high-entropy token, uses an "sk-api-" style prefix commonly used for service API/secret keys. Not a placeholder string.
- pexels_api_keys = ["W9iyYJPSUiwtPi8qwYXnlaqySGwWDG5Hj4ckB"]
- Reason for flagging: the array contains a single high-entropy string consistent with an API key for Pexels. Not a placeholder like "YOUR_API_KEY".
I did not flag any values that are clearly placeholders, examples, or simple setup passwords. All other values in the document are configuration names, guidance, or descriptive text and were ignored per the rules.
Issues (4)
Malicious code pattern detected in skill scripts.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Secret detected in skill content (API keys, tokens, passwords).