heygen-skills

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages API keys by storing them in ~/.heygen/config. This is documented as a secure persistent storage method. The ./setup script and instructions explicitly enforce chmod 600 on the configuration file to prevent unauthorized local access. Furthermore, the skill retrieves the key using standard text-parsing commands (grep and cut) rather than executing the file via source, which prevents accidental script execution.
  • [EXTERNAL_DOWNLOADS]: The skill performs legitimate network operations to vendor-controlled and trusted domains. It communicates with api.heygen.com for avatar and video generation services and uses raw.githubusercontent.com to check for software updates. These operations are essential for the skill's functionality and target well-known, trusted infrastructure.
  • [COMMAND_EXECUTION]: The package includes a ./setup script and an update-check.sh utility. These scripts perform standard administrative tasks such as creating symlinks, validating API keys, and checking version strings. No arbitrary or high-risk shell commands are executed, and the processes are transparently documented in the source code.
  • [PROMPT_INJECTION]: As a content creation tool, the skill naturally ingests untrusted data from URLs (via web_fetch) and user-provided files (PDFs, images) to generate video scripts.
      • Ingestion points: External content enters the context through URL fetching and file analysis in heygen-video/SKILL.md.
      • Boundary markers: The skill does not currently wrap this data in explicit boundary delimiters (e.g., XML tags) when interpolating it into the Video Agent prompt, though it employs structural directives like 'CRITICAL ON-SCREEN TEXT'.
      • Capability inventory: The ingested data influences the generation of video scripts and the resulting video output through the HeyGen API.
      • Sanitization: The skill summarizes or extracts key points from external data before inclusion.
      • Risk Assessment: The risk of indirect prompt injection is low, as the skill's capabilities are limited to media generation and do not grant the processed data access to high-privilege system operations or sensitive user credentials.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 03:23 AM