guided-testimonial-video

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill runs npm install for packages in the @helios-project scope. This organization is not recognized as a trusted source under the security framework, so the install introduces a supply chain risk through potential malicious package substitution or compromise.
  • Indirect Prompt Injection (LOW): In STEP 3 the skill researches a user-provided URL to extract brand identity, marketing copy, and value propositions. This external data is then interpolated into a creative specification and used to generate code.
      • Ingestion points: User-provided URL fetched during STEP 3.
      • Boundary markers: Absent; the instructions provide no delimiters or warnings telling the agent to ignore instructions embedded within the fetched HTML or text.
      • Capability inventory: Package installation (npm), file writing (composition.html), and CLI execution (npx helios, ffmpeg).
      • Sanitization: Absent; the skill directs the agent to adopt the tone and content of the external site without validation.
  • Dynamic Execution (LOW): In STEP 8 the skill generates a composition.html file containing JavaScript logic and CSS animations. This file is then executed and rendered by the Helios CLI tool.
  • Command Execution (LOW): The skill uses multiple system-level commands, including npm, npx, and ffmpeg. While consistent with the primary purpose of video rendering, these tools enlarge the attack surface if the agent is manipulated via indirect injection.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 06:21 PM