heygen-avatars

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): Functional patterns in rules/assets.md facilitate reading local files and uploading them to external HeyGen endpoints via fs.readFileSync(filePath) and open(file_path, "rb"). If an agent utilizes these functions with unsanitized user input, it could lead to the exfiltration of sensitive system files to a third-party service.
  • [DATA_EXFILTRATION] (MEDIUM): The uploadFromUrl routine in rules/assets.md performs an unvalidated fetch on a user-provided sourceUrl, creating a Server-Side Request Forgery (SSRF) surface where an attacker could cause the agent to access internal network resources.
  • [PROMPT_INJECTION] (LOW): Category 8: Indirect Prompt Injection surface.
      1. Ingestion points: prompt in rules/video-agent.md, sourceUrl in rules/assets.md, and input_text in multiple files.
      2. Boundary markers: Absent in provided examples.
      3. Capability inventory: File system read (fs.readFileSync) and network egress (fetch, requests).
      4. Sanitization: Absent in all code snippets.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:43 PM