Skills
skills/heygen-com/skills/heygen-avatar/Gen Agent Trust Hub

heygen-avatar

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the official HeyGen CLI using a shell script located at https://static.heygen.ai/cli/install.sh. This source is managed by the vendor (heygen-com) and is a standard requirement for the skill to operate.
  • [REMOTE_CODE_EXECUTION]: The installation process involves piping a remote script to bash (curl ... | bash). While this is a high-privilege operation, it originates from the author's official infrastructure and is the documented method for installing their command-line tools.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run the heygen CLI for avatar and voice management, as well as filesystem commands like ln -sf to maintain workspace-relative symlinks for agent and user identities.
  • [DATA_EXFILTRATION]: The skill is configured to read workspace identity files, specifically SOUL.md and IDENTITY.md, to extract user and agent characteristics. This information is then sent to the official HeyGen API to facilitate avatar generation, which is the primary functionality of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 11:37 PM