Skills
skills/halt-catch-fire/skills/ai-video-generation/Gen Agent Trust Hub

ai-video-generation

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references external resources and dependencies for tool setup:
  • References an installation guide at https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md.
  • Suggests installing the belt-sh/cli skill module via the npx skills add command.- [PROMPT_INJECTION]: The skill configuration allows for the processing of untrusted user data, creating a surface for indirect prompt injection:
  • Ingestion points: User-provided text prompts and media URLs (e.g., image_url, audio_url, video_url) are passed as arguments to the belt CLI tool in SKILL.md.
  • Boundary markers: Although the input is formatted as JSON, there are no specific agent instructions to ignore malicious directives that might be contained within those strings.
  • Capability inventory: The skill is authorized to use the belt tool via Bash commands to perform video generation and editing tasks.
  • Sanitization: The instructions do not define any sanitization, validation, or escaping logic for the content provided by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 02:16 AM
Security Audit — agent-trust-hub — ai-video-generation