Skills
skills/infsh-skills/skills/image-to-video/Gen Agent Trust Hub

image-to-video

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references an installation guide for the 'belt' CLI tool on the vendor's official GitHub repository (inference-sh/skills).
  • [COMMAND_EXECUTION]: The skill uses the 'belt' CLI tool to execute video generation workflows, involving remote API interaction and local file operations.
  • [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by interpolating user-provided text into JSON payloads for CLI commands.
  • Ingestion points: User-defined prompts are passed to 'belt app run' commands in SKILL.md.
  • Boundary markers: None; prompt strings are embedded directly in the input JSON.
  • Capability inventory: The 'belt' tool performs network requests and processes local files.
  • Sanitization: No input sanitization or validation is specified in the instruction templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 11:49 PM
Security Audit — agent-trust-hub — image-to-video