ai-automation-workflows

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill demonstrates processing external data by interpolating it directly into prompts for AI models, creating an indirect prompt injection surface.
  • Ingestion points: The data_processing.sh script reads local file content using $(cat $file), and conditional_workflow.sh processes the $INPUT_TEXT variable.
  • Boundary markers: Absent; the external content is placed directly into the prompt string without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill uses belt app run to invoke various AI models (Claude, Flux, etc.) based on these prompts.
  • Sanitization: No sanitization, escaping, or validation is performed on the ingested content before it is processed by the AI models.
  • [COMMAND_EXECUTION]: The skill provides numerous Bash and Python script templates that execute the belt CLI tool and other shell commands.
  • Evidence: Scripts like batch_images.sh, content_pipeline.sh, and automation.py use shell execution or subprocess calls to run vendor-provided tools.
  • [EXTERNAL_DOWNLOADS]: The skill references installation instructions and other skills hosted on the author's GitHub repository.
  • Evidence: Links to https://raw.githubusercontent.com/inference-sh/skills/ and commands like npx skills add inference-sh/skills@... are used to extend functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 07:15 PM
Security Audit — agent-trust-hub — ai-automation-workflows