ai-avatar-video
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation guides the agent to use the
beltCLI tool for managing AI model inference. This includes operations likebelt loginandbelt app run, which execute models on the inference.sh platform using structured JSON inputs. - [EXTERNAL_DOWNLOADS]: The skill references documentation and installation scripts located in the vendor's GitHub repository (
inference-sh/skills). It also provides instructions for installing auxiliary CLI tools using thenpxcommand. - [PROMPT_INJECTION]: The skill possesses a potential surface for indirect prompt injection due to its handling of external data.
- Ingestion points: External data enters the context through the
--inputJSON payload in variousbelt app runexamples inSKILL.md, includingvoice_script,image_url, andaudio_urlfields. - Boundary markers: The use of JSON-formatted arguments provides a basic structural boundary for the data being passed to the CLI tool.
- Capability inventory: The skill is configured with access to the
Bashtool to executebeltcommands, enabling it to perform media generation and network-based model execution. - Sanitization: The instructions do not include specific steps for sanitizing or validating the content of external URLs or text scripts before they are processed by the underlying AI models.
Audit Metadata