Skills
skills/halt-catch-fire/skills/ai-marketing-videos/Gen Agent Trust Hub

ai-marketing-videos

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides multiple Bash command examples using the belt CLI tool to interact with AI models for video, image, and audio generation.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the belt-sh/cli and various skills from the inference-sh organization on GitHub and the NPM registry.
  • [PROMPT_INJECTION]: The skill demonstrates interpolating user-controlled variables into prompts for the belt CLI tool, which represents an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters the agent context through prompt placeholders like [problem], [Product], and [Key benefit] in SKILL.md.
  • Boundary markers: No delimiters or explicit warnings are used to separate user input from system instructions.
  • Capability inventory: The skill utilizes the Bash(belt *) tool for media generation and file management.
  • Sanitization: No input validation or escaping mechanisms are documented in the provided shell script examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 02:15 AM
Security Audit — agent-trust-hub — ai-marketing-videos