ai-avatar-video

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation guides the agent to use the belt CLI tool for managing AI model inference. This includes operations like belt login and belt app run, which execute models on the inference.sh platform using structured JSON inputs.
  • [EXTERNAL_DOWNLOADS]: The skill references documentation and installation scripts located in the vendor's GitHub repository (inference-sh/skills). It also provides instructions for installing auxiliary CLI tools using the npx command.
  • [PROMPT_INJECTION]: The skill possesses a potential surface for indirect prompt injection due to its handling of external data.
  • Ingestion points: External data enters the context through the --input JSON payload in various belt app run examples in SKILL.md, including voice_script, image_url, and audio_url fields.
  • Boundary markers: The use of JSON-formatted arguments provides a basic structural boundary for the data being passed to the CLI tool.
  • Capability inventory: The skill is configured with access to the Bash tool to execute belt commands, enabling it to perform media generation and network-based model execution.
  • Sanitization: The instructions do not include specific steps for sanitizing or validating the content of external URLs or text scripts before they are processed by the underlying AI models.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 07:03 PM