marker-highlight

Fail

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download a JavaScript library from a third-party GitHub repository (Robincodes-Sandbox/marker-highlight) and execute it within the agent's environment. This source is not a recognized trusted organization or well-known service.
  • [COMMAND_EXECUTION]: The skill uses a shell command pipeline (curl | sed) to download and modify JavaScript source code. Specifically, it uses sed to replace internal minified variables and export statements, which is a fragile and risky method of code modification.
  • [EXTERNAL_DOWNLOADS]: The instructions involve fetching executable content from cdn.jsdelivr.net pointing to a personal/sandbox repository. While the CDN itself is a known service, the content origin is unverified and outside the trusted scope.
  • [DYNAMIC_EXECUTION]: By modifying the JavaScript file at runtime using sed before loading it as a script, the skill performs dynamic code assembly, which could be exploited if the remote source or the modification logic is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 2, 2026, 10:15 PM