ai-avatar-video

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill refers to an installation script hosted on the vendor's official GitHub repository at https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md for the belt CLI.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the belt CLI for logging in and running AI model applications, which involves executing shell commands in the local environment.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
      • Ingestion points: The skill accepts external URLs for images, audio, and video files which are then processed by various AI models via the CLI (SKILL.md).
      • Boundary markers: JSON inputs in shell commands are wrapped in single quotes in the provided examples.
      • Capability inventory: Executes shell commands using the belt tool, including operations that write output to local files (SKILL.md).
      • Sanitization: There are no explicit instructions for validating or sanitizing the content of the remote files before they are processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 03:31 PM