ai-social-media-content
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
beltCLI tool to perform AI inference tasks, including video generation with Google Veo, image generation with FLUX, and text-to-speech with Kokoro. These commands are executed via the Bash tool as defined in the skill's allowed-tools configuration. - [EXTERNAL_DOWNLOADS]: The documentation includes instructions for the user to install the
beltCLI (belt-sh/cli) and supplementary skills from theinference-shorganization using thenpx skills addcommand. - [PROMPT_INJECTION]: The skill processes untrusted data such as user-provided concepts and AI-generated scripts to create social media content. This ingestion of external data without explicit sanitization markers creates a surface for indirect prompt injection.
- Ingestion points: User-defined variables (e.g.,
$CONCEPT,$topic) and scripts generated by Claude are interpolated into the--inputJSON payload of thebeltcommand inSKILL.md. - Boundary markers: None; the data is directly inserted into JSON string templates.
- Capability inventory: The skill can execute shell commands via the
beltCLI, which includes posting to Twitter and running various cloud-based AI models as seen inSKILL.md. - Sanitization: There is no evidence of validation or filtering for the interpolated content.
Audit Metadata