guided-social-clip
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs npm packages from the @helios-project scope (core, renderer, cli). While required for functionality, these do not belong to the list of trusted organizations and represent a third-party dependency risk.
- INDIRECT_PROMPT_INJECTION (LOW): In Step 3, the skill fetches content from a user-provided URL to extract brand intelligence. This content is then used to generate creative specifications and code.
  - Ingestion points: External web content fetched via URL in Step 3.
  - Boundary markers: Absent; the agent is not instructed to use delimiters or ignore instructions within the fetched content.
  - Capability inventory: Subprocess execution (npm install, npx helios, ffmpeg) and file system writes (composition.html).
  - Sanitization: Absent; signals from the external site are used directly to drive the generation of the motion design specification and subsequent HTML/JS code.
- COMMAND_EXECUTION (MEDIUM): The skill implements a dynamic execution pipeline where it generates a local HTML/JavaScript file (composition.html) and executes it via the Helios CLI (npx helios render). Because the generated code is influenced by potentially untrusted data from external URLs, this creates a path for influenced code execution.
- DATA_EXPOSURE (SAFE): The skill correctly handles sensitive information by instructing the agent not to attempt to read .env files or verify API keys autonomously, relying instead on user input.
Audit Metadata