guided-product-demo
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill performs npm install for @helios-project/core, @helios-project/renderer, and @helios-project/cli. These packages are from an unvetted organization not present on the trusted sources list.
- COMMAND_EXECUTION (MEDIUM): The skill executes npx helios render and ffmpeg via the command line. While functional for the skill's purpose, it executes code from the unvetted packages downloaded in previous steps.
- PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill researches external URLs provided by the user and analyzes local repository content including READMEs, marketing copy, and API endpoints (Step 3).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the analyzed data are provided.
  - Capability inventory: The agent has the ability to install packages, execute shell commands (npx, ffmpeg), and read arbitrary files in the repository.
  - Sanitization: No sanitization or validation of the content fetched from URLs or repo files is mentioned before processing.
- CREDENTIALS_UNSAFE (SAFE): The skill requires an ELEVEN_LABS_API_KEY but follows best practices by instructing the agent not to search for .env files and instead requesting it directly from the user.
Audit Metadata