talking-head-production

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the belt CLI tool via npx skills add belt-sh/cli and links to an installation script hosted on a GitHub repository (inference-sh/skills).
  • [COMMAND_EXECUTION]: The skill uses the belt utility to execute commands for logging into the service (belt login) and running various remote AI applications (e.g., belt app run).
  • [PROMPT_INJECTION]: An indirect prompt injection surface is identified where user-supplied text scripts are processed by remote AI models.
    1. Ingestion points: The voice_script field within the JSON inputs for the belt app run command in SKILL.md.
    2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the script content.
    3. Capability inventory: The skill uses belt app run to invoke remote application logic based on user input.
    4. Sanitization: No sanitization or escaping of the script content is documented.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 19, 2026, 02:15 AM