heygen-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The Video Agent API accepts natural language prompts to generate content. While this is an external AI surface, the skill provides templates for structured usage rather than introducing vulnerabilities.
  - Ingestion points: The prompt field in rules/video-agent.md.
  - Boundary markers: Absent.
  - Capability inventory: Network POST requests to api.heygen.com.
  - Sanitization: Absent.
- [Data Exposure & Exfiltration] (SAFE): Code examples for asset uploading involve reading local files. This is the intended functionality for the documented service and does not target sensitive system paths or exfiltrate data to untrusted domains.