ai-marketing-videos
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external tools and references remote resources.
- Recommends installation of the
belt-sh/clipackage vianpx. - Fetches installation instructions from a remote GitHub repository (
inference-sh/skills). - Loads image assets from
cloud.inference.sh. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute thebeltCLI for video generation, authentication, and file processing. Access is restricted to thebeltcommand via the skill's tool configuration. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where script variables are interpolated into shell commands without sanitization.
- Ingestion points: Loop variables (e.g.,
$section,$hook) inSKILL.mdare used within shell command strings. - Boundary markers: None used to separate variables from the command structure.
- Capability inventory: Shell command execution via the
belttool (SKILL.md). - Sanitization: No evidence of escaping or validation of the interpolated content.
Audit Metadata