Skills
skills/heygen-com/liveavatar-agent-skills/liveavatar-integrate/Gen Agent Trust Hub

liveavatar-integrate

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs automated discovery of the local development environment by scanning for configuration signals and dependencies in files such as .env, package.json, and requirements.txt, specifically targeting the discovery of the vendor's own API keys (HEYGEN_API_KEY, LIVEAVATAR_API_KEY).
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the official @heygen/liveavatar-web-sdk Node.js package and provides references to the vendor's official GitHub repository for SDK documentation and demo applications.
  • [COMMAND_EXECUTION]: Implementation guides include multiple curl command examples for the agent or user to interact with the LiveAvatar API endpoints (api.liveavatar.com) to manage the integration lifecycle, including session and context creation.
  • [SAFE]: The skill ingests untrusted codebase data to provide integration recommendations, creating a surface for indirect prompt injection. Ingestion points: dependencies, imports, and configuration files (referenced in SKILL.md). Boundary markers: Absent. Capability inventory: Subprocess calls via curl and file system reads (referenced in SKILL.md and guides). Sanitization: Not specified. This mechanism is used for legitimate project assessment.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 12:49 PM