Skills
skills/infsh-skills/skills/google-veo/Gen Agent Trust Hub

google-veo

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the belt CLI tool to interact with the Inference.sh platform. It provides instructions to execute commands for listing models, generating sample inputs, and performing video inference with various Google Veo versions.
  • [EXTERNAL_DOWNLOADS]: The skill references installation instructions for the CLI and provides commands to add related skill packages from the vendor's official GitHub repository (inference-sh/skills). All external references point to legitimate vendor-controlled infrastructure.
  • [PROMPT_INJECTION]: The skill provides an interface that interpolates user-provided text prompts into shell commands (e.g., belt app run ... --input '{"prompt": "..."}'). This identifies a surface for indirect prompt injection where a malicious prompt could attempt to manipulate the resulting command or API request.
  • Ingestion points: User input is used to populate the 'prompt' field within a JSON-formatted input for the belt command in SKILL.md.
  • Boundary markers: Inputs are delimited by double quotes within a JSON object, which is further wrapped in single quotes for the bash command execution.
  • Capability inventory: The skill requires access to the Bash(belt *) tool, which performs network operations to reach the video generation API and manages local application state.
  • Sanitization: There is no explicit sanitization provided in the instructions, as it relies on the agent's ability to construct valid JSON and the platform's backend validation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 04:30 PM
Security Audit — agent-trust-hub — google-veo