p-video-avatar

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill documentation includes a parameter disable_safety_filter which is set to true by default. This instruction explicitly directs the underlying model to bypass content safety guidelines.
  • [COMMAND_EXECUTION]: The skill uses the belt CLI within a Bash environment to run the pruna/p-video-avatar application. It constructs shell commands using input parameters like voice_script, video_prompt, and voice_prompt, which may contain untrusted data.
  • [EXTERNAL_DOWNLOADS]: The skill references an external installation guide hosted on GitHub (raw.githubusercontent.com/inference-sh/skills/) and prompts for external media URLs (images and audio) to be processed by the tool.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
    • Ingestion points: Untrusted data enters the agent context through the voice_script, video_prompt, and voice_prompt parameters in SKILL.md.
    • Boundary markers: There are no explicit delimiters or warnings to ignore instructions embedded within the processed text.
    • Capability inventory: The skill is configured to execute shell commands via the belt CLI tool using the Bash capability.
    • Sanitization: The skill lacks apparent sanitization or validation logic for the input strings before they are passed to the CLI tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 02:15 AM