ai-marketing-videos
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
beltCLI to interface with AI models for video and audio production. The execution environment is restricted by theallowed-toolsfrontmatter, which limits theBashtool to only run commands associated with thebeltbinary. - [EXTERNAL_DOWNLOADS]: The documentation references an external installation script hosted on the
inference-shGitHub repository for the purpose of setting up the required CLI environment. This is a standard delivery mechanism for the described service. - [PROMPT_INJECTION]: There is an inherent surface for indirect prompt injection as the skill constructs prompts for remote AI models based on user input. However, the skill does not use the output of these models in a way that could lead to local command execution or privilege escalation.
- [NO_CODE]: The skill primarily consists of markdown documentation and example command-line workflows rather than executable script files, which reduces the local attack surface.
Audit Metadata