guided-launch-announcement
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the npm packages @helios-project/core, @helios-project/renderer, and @helios-project/cli. These are from an unverified source outside the trusted organizations list.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes npm install, ffmpeg, and npx helios for its core functionality. Running commands from third-party packages that are not part of a trusted registry scope poses a security risk.
- [DYNAMIC_EXECUTION] (MEDIUM): The skill dynamically generates a composition.html file containing JavaScript code that interacts with the Helios runtime. This generated code is subsequently executed/rendered by the CLI tool.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: Fetches content from user-provided marketing URLs and reads local codebase files (CSS/Tailwind configs) to extract brand identity.
  - Boundary markers: Absent. There are no explicit delimiters or instructions to ignore embedded commands within the fetched external content.
  - Capability inventory: Access to npm, npx, and ffmpeg via shell execution.
  - Sanitization: Absent. The skill analyzes external site content directly for brand signals without sanitization logic.
- [CREDENTIALS_UNSAFE] (SAFE): While the skill requires an ElevenLabs API key, it correctly instructs the user to provide it and explicitly forbids itself from attempting to read .env files or verify keys automatically.
Audit Metadata