hyperframes-registry

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs fetching and reading public registry content (e.g., curl https://raw.githubusercontent.com/heygen-com/hyperframes/main/registry/registry.json in references/discovery.md and opening installed component files like compositions/components/*.html to read comment headers) which are untrusted third‑party resources the agent is expected to interpret and act on, allowing external content to influence tooling and wiring decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches the registry at runtime (e.g. https://raw.githubusercontent.com/heygen-com/hyperframes/main/registry and https://raw.githubusercontent.com/heygen-com/hyperframes/main/registry/registry.json) which the CLI uses to download HTML/JS snippets that are installed and can execute as code in the host environment, so remote content is both fetched at runtime and can execute code.