📦

監査履歴

product-launch-video - 2 監査

監査バージョン 2

高リスクの問題 (3)

SKILL.md:26-28 scripts/audio.mjs:71-85 scripts/assemble-index.mjs:78-92

External Command Execution Across the Workflow

The skill instructs the agent to run HyperFrames CLI commands and includes Node scripts that spawn other processes such as the shared audio engine, ffprobe, and ffmpeg. This is expected for video generation, but it gives the skill significant execution capability on the host system.

SKILL.md:28 SKILL.md:42 SKILL.md:90 scripts/audio.mjs:71-85

Credential and Environment Access in Media Pipeline

The workflow references sign-in state, API key availability, a hidden HeyGen credential, and an environment override for the media engine path. These are legitimate integration points, but they increase the impact if the skill or its dependencies are altered.

scripts/build-frame.mjs:54-59 scripts/build-frame.mjs:500-510 scripts/stage-assets.mjs:27-33 scripts/captions.mjs:164-202

Broad Filesystem Writes from User-Selected Project Paths

Several scripts resolve CLI-provided project paths and write or copy generated files such as frame.md, caption skins, captions, and staged assets. This is normal for a generator, but it can overwrite files if run with an unsafe project path.

中リスクの問題 (2)

scripts/assemble-index.mjs:526 scripts/captions.mjs:469

Remote CDN Script Loaded in Generated Output

Generated HTML includes GSAP from jsDelivr. This is a common frontend dependency pattern, but it adds a network supply-chain dependency to rendered compositions.

references/story-design.md:177-180 references/visual-design.md:27 scripts/lib/storyboard.mjs:107-115

Static Scanner Heuristics Mostly Match Benign Text and Regex

Many alerts for weak cryptography, Ruby backticks, C2 keywords, and path traversal occur in Markdown guidance, examples, regex literals, or comments. I did not find semantic evidence that these matches implement malicious behavior.

低リスクの問題 (1)

SKILL.md:1-3 sub-agents/frame-worker.md:1-3

No Prompt Injection Attempt Found in Reviewed Files

A targeted search for override language, fake system messages, pre-approval claims, and instructions to skip security review found no evidence of prompt injection attempts.

リスク要因

⚙️ 外部コマンド (3)

SKILL.md:26-28 scripts/audio.mjs:71-85 scripts/assemble-index.mjs:78-92

📁 ファイルシステムへのアクセス (4)

scripts/build-frame.mjs:54-59 scripts/build-frame.mjs:500-510 scripts/stage-assets.mjs:27-33 scripts/captions.mjs:66-79

⚡ スクリプトを含む (3)

scripts/audio.mjs:1-23 scripts/build-frame.mjs:1-9 scripts/assemble-index.mjs:1-5

🌐 ネットワークアクセス (3)

SKILL.md:34-42 scripts/assemble-index.mjs:526 scripts/captions.mjs:469

🔑 環境変数 (4)

SKILL.md:28 SKILL.md:42 SKILL.md:90 scripts/audio.mjs:71

検出されたパターン

Process SpawningHidden Credential and API Key UseGenerated File Writes

監査バージョン 1

高リスク

Jun 27, 2026, 09:04 AM

The static findings are partly true positives and partly noisy matches from documentation. I found no evidence of malicious intent or prompt injection, but the skill executes local scripts, invokes external commands, reads provider credentials, captures URLs, and generates HTML that can execute remote or injected script. Publish should wait for remediation of the generated HTML injection and CDN execution risks.

スキャンされたファイル

4,061

解析された行数

検出結果

codex

監査者

高リスクの問題 (1)

scripts/captions.mjs:149-160 scripts/captions.mjs:469-472

Generated Caption HTML Allows Script Breakout

Caption text from audio metadata is inserted into an inline script with JSON.stringify. If untrusted product copy or script text contains a closing script tag sequence, preview or render HTML could execute injected JavaScript.

中リスクの問題 (3)

scripts/assemble-index.mjs:521-527 scripts/captions.mjs:465-470

Remote JavaScript Loaded in Generated Compositions

The generated main and caption compositions load GSAP from jsdelivr at render or preview time. This creates a supply chain and deterministic rendering risk, even though the URL targets a known library version.

SKILL.md:26 SKILL.md:40 SKILL.md:88 scripts/audio.mjs:71-85 scripts/assemble-index.mjs:78-91

Expected External Command Execution

The workflow intentionally runs npx, node scripts, ffprobe, ffmpeg, and a media engine selected by HF_MEDIA_ENGINE. This is normal for HyperFrames video production, but it increases local execution risk for a community skill.

SKILL.md:42 SKILL.md:90 scripts/audio.mjs:71

Credential and Provider Environment Access

The skill uses provider keys for capture and the HeyGen credential for audio services. This appears legitimate, but users should know secrets may be read by the broader HyperFrames media pipeline.

低リスクの問題 (2)

references/cut-catalog.md:3 references/motion-language.md:3 references/story-design.md:179 references/visual-design.md:3

Documentation Tokens Triggered Many Static False Positives

Most weak crypto, path traversal, system reconnaissance, and Ruby backtick alerts in reference markdown are motion-design vocabulary, relative documentation links, CSS values, or prose examples. These are not executable security behavior by themselves.

scripts/build-frame.mjs:501-510 scripts/captions.mjs:164-202 scripts/lib/assets.mjs:37-45

Project File Writes Are Broad but Expected

The scripts write frame.md, captions, assets, and index.html under the selected HyperFrames project. This is required for the workflow, but the user should run it only in an intended project directory.

リスク要因

⚙️ 外部コマンド (5)

SKILL.md:26 SKILL.md:40 SKILL.md:88 scripts/audio.mjs:85 scripts/assemble-index.mjs:78-91

📁 ファイルシステムへのアクセス (4)

scripts/build-frame.mjs:501-510 scripts/captions.mjs:164-202 scripts/lib/assets.mjs:37-45 scripts/stage-assets.mjs:30-33

⚡ スクリプトを含む (5)

scripts/build-frame.mjs:1 scripts/audio.mjs:1 scripts/captions.mjs:1 scripts/assemble-index.mjs:1 scripts/transitions.mjs:1

🌐 ネットワークアクセス (5)

SKILL.md:26 SKILL.md:40 SKILL.md:90 scripts/assemble-index.mjs:526 scripts/captions.mjs:469

🔑 環境変数 (3)

SKILL.md:42 SKILL.md:90 scripts/audio.mjs:71

検出されたパターン

Inline Script Data InjectionEnvironment-Selected Engine ExecutionRemote CDN Script Execution

← スキルに戻る