heygen
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard command-line tools like
curlandjqto interact with the HeyGen API and process response data. These commands are localized to the task of video generation and account management.- [EXTERNAL_DOWNLOADS]: The skill performs network operations toapi.heygen.com, which is the official domain for a well-known AI service. This is consistent with the skill's documented purpose of generating and managing AI videos via their platform.- [CREDENTIALS_UNSAFE]: The skill correctly follows secret management best practices by instructing the user to store their API key in an environment variable (HEYGEN_TOKEN) instead of hardcoding credentials in the instructions or scripts.
Audit Metadata