ai-content-pipeline
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the
beltcommand-line utility, which is the primary interface for running AI applications on the inference.sh platform. - [EXTERNAL_DOWNLOADS]: The documentation references external resources and installation scripts hosted in the
inference-shGitHub repository for setting up the necessary development environment. - [PROMPT_INJECTION]: The skill defines workflows where output from one AI model (e.g., an LLM-generated script) is used as the input for another (e.g., a text-to-speech engine). This pattern introduces a surface for indirect prompt injection.
- Ingestion points: Data from previous tool executions is piped into subsequent commands using placeholders like
<script-text>or<image-url>. - Boundary markers: The examples do not include explicit delimiters or instructions to ignore embedded commands in the ingested data.
- Capability inventory: The skill allows execution of the
beltCLI via the Bash tool to run various remote AI models. - Sanitization: No automated validation or sanitization of the intermediate AI outputs is specified in the provided workflow templates.
Audit Metadata