hyperframes
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch component registries and installation assets from the official HeyGen (heygen-com) GitHub repository. These downloads are legitimate resources for the framework's operation.
- [COMMAND_EXECUTION]: The skill guides the agent to execute shell commands for environment checks, skill installation, and video production tasks like transcription and rendering. These operations are standard for the skill's documented purpose.
- [PROMPT_INJECTION]: The skill's primary function involves processing external transcript data to determine animation choreography and styling. This creates a surface for indirect prompt injection where instructions embedded in a transcript could influence agent behavior.
- Ingestion points: Transcript content is read from local files (JSON, SRT, VTT) and external API responses (OpenAI, Groq).
- Boundary markers: There are no explicit markers or instructions to isolate the transcript content from the agent's behavioral logic.
- Capability inventory: The skill allows for file system writes (HTML/JS/CSS), shell command execution, and browser-based script instrumentation.
- Sanitization: Sanitization logic is present for quality control (removing music/filler tokens) but does not address potential prompt injection patterns.
Audit Metadata