heygen
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a standard API client for HeyGen services. All network requests are made to official vendor-owned domains (heygen.com and heygen.ai). Authentication relies on the HEYGEN_API_KEY environment variable as documented in references/authentication.md.
- [COMMAND_EXECUTION]: Code snippets in references/remotion-integration.md and references/video-status.md utilize local file system operations (fs.writeFile and fs.readFileSync) to manage video asset downloads and local processing, which is appropriate for the skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of media assets from external URLs (references/assets.md) and the retrieval of generated video files (references/video-status.md) for further use, representing legitimate asset management functionality.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists via data ingestion points. Evidence: 1. Ingestion points identified in references/assets.md (external sourceUrl), references/templates.md (variables), and references/video-agent.md (prompt); 2. Boundary markers are absent for ingested data; 3. Capability inventory includes network fetching and local file writes; 4. Sanitization is not implemented in the provided logic. This surface is expected for a video generation tool and does not indicate malicious intent.
Audit Metadata