app-store-screenshots
Warn
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'belt-sh/cli' tool via npx and references several other skills from the 'inference-sh' GitHub organization (SKILL.md). It also points to a remote installation resource at 'raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md'.
- [COMMAND_EXECUTION]: The skill executes shell commands using the 'belt' CLI through the 'Bash' tool to perform image and video generation tasks using various AI models.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface.
- Ingestion points: Untrusted data can enter the agent context via the 'prompt' and 'input' arguments in 'belt app run' commands within 'SKILL.md'.
- Boundary markers: Absent; there are no delimiters or warnings to ignore embedded instructions in the generated prompts.
- Capability inventory: The skill executes shell commands ('belt') via the 'Bash' tool to perform model inference.
- Sanitization: No sanitization or escaping of external content is performed before interpolation into the CLI commands.
Audit Metadata