heygen

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the public npm registry. This is a standard dependency for accessing the vendor's platform and does not pose a security risk in this context.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution to interact with the membrane CLI for authentication, searching for actions, and running integrations.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection (Category 8) because it retrieves and processes data from external HeyGen API calls (e.g., video lists, template descriptions).
      • Ingestion points: Data returned from membrane action list and membrane action run commands is processed by the agent.
      • Boundary markers: Absent; the skill does not explicitly instruct the agent to use delimiters or ignore instructions embedded in the retrieved data.
      • Capability inventory: The agent has the capability to execute shell commands via the membrane CLI.
      • Sanitization: No explicit sanitization or validation of the external content is described in the skill's instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 03:20 PM