Skills
skills/inference-sh/skills/ai-marketing-videos/Gen Agent Trust Hub

ai-marketing-videos

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the belt CLI tool via the Bash tool to perform video generation, audio synthesis, and media merging operations.- [EXTERNAL_DOWNLOADS]: Recommends installing the vendor-specific CLI tool belt-sh/cli via npx and references an external installation guide hosted on the vendor's GitHub repository.- [PROMPT_INJECTION]: Identifies an attack surface for indirect prompt injection within the described automated video production workflows.
  • Ingestion points: Data is ingested from an LLM-generated script (claude-sonnet-45) and used to dynamically generate scene prompts in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates.
  • Capability inventory: The skill utilizes the belt tool for network-based generation and the Bash tool for local file management and automation.
  • Sanitization: There is no evidence of sanitization or validation for content generated in one step before it is interpolated into prompts for subsequent video generation steps.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 07:48 AM
Security Audit — agent-trust-hub — ai-marketing-videos