ai-automation-workflows

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The 'Data Processing Pipeline' section provides a script that reads external file content (cat $file) and interpolates it directly into an LLM prompt for the belt CLI. This pattern lacks markers to distinguish data from instructions, creating an indirect prompt injection surface.
  • Ingestion points: SKILL.md (Data Processing Pipeline script loop)
  • Boundary markers: Absent; untrusted file content is concatenated directly into the instruction string.
  • Capability inventory: Command execution via belt CLI for multiple AI services.
  • Sanitization: Absent; no validation or escaping of the ingested file content is performed.
  • [DATA_EXFILTRATION]: The 'Error Alerting' script uses curl to transmit command outputs and error messages to a non-whitelisted external domain (your-webhook.com). While a placeholder, this demonstrates a pattern for exfiltrating potentially sensitive execution results.
  • [COMMAND_EXECUTION]: The skill provides numerous Bash and Python scripts that utilize shell loops, background processes (&), and process management (wait). While the allowed-tools frontmatter limits the agent to the belt command, the provided examples suggest a broader range of required system capabilities.
  • [EXTERNAL_DOWNLOADS]: The skill references external resources and installation instructions hosted on GitHub under the inference-sh organization.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 10:16 AM