heygen-skills
Warn
Audited by Snyk on Apr 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from public URLs and user-provided web pages (see references/asset-routing.md and the README/SKILL.md examples like "summarize this article" and the Discovery Assets rules), treats that untrusted third‑party content as input to script/prompt construction, and uses it to drive API submissions and generation decisions—creating a clear path for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The SKILL explicitly instructs fetching runtime documentation from https://developers.heygen.com/llms.txt (and .md pages such as https://developers.heygen.com/docs/video-agent.md) as a "docs-first" step to read raw markdown and then build requests/prompts, meaning remote content is fetched at runtime and directly influences prompt construction.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata