content-repurposing
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the belt CLI via "npx skills add belt-sh/cli" and references installation instructions hosted on GitHub at "raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md". These are necessary components for the skill's functionality.
- [COMMAND_EXECUTION]: The skill utilizes the belt CLI within a Bash environment to interact with the inference.sh platform. Examples include running image generation apps, text-to-speech tools, and social media automation commands.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted external content (transcribing podcasts or adapting blog posts) and has the capability to perform actions like posting to social media.
- Ingestion points: Audio files (e.g., episode-42.mp3) and blog post text enter the agent context via transcription and summarization tools.
- Boundary markers: No explicit markers or instructions to ignore embedded commands are present in the examples provided.
- Capability inventory: The skill can use the belt CLI to post content to external platforms (e.g., x/post-create) and generate media.
- Sanitization: No sanitization or filtering of input content is described in the instruction set.
Audit Metadata