ai-marketing-videos

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external tools and references remote resources.
  • Recommends installation of the belt-sh/cli package via npx.
  • Fetches installation instructions from a remote GitHub repository (inference-sh/skills).
  • Loads image assets from cloud.inference.sh.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute the belt CLI for video generation, authentication, and file processing. Access is restricted to the belt command via the skill's tool configuration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where script variables are interpolated into shell commands without sanitization.
  • Ingestion points: Loop variables (e.g., $section, $hook) in SKILL.md are used within shell command strings.
  • Boundary markers: None used to separate variables from the command structure.
  • Capability inventory: Shell command execution via the belt tool (SKILL.md).
  • Sanitization: No evidence of escaping or validation of the interpolated content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:46 PM