ai-voice-cloning

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the belt CLI tool from a remote source on GitHub (github.com/inference-sh/skills). This tool is essential for the skill's primary function of interacting with the AI voice inference platform.
  • [REMOTE_CODE_EXECUTION]: Multiple examples demonstrate the use of npx skills add, a command that fetches and executes skill packages from the inference-sh GitHub repository. This allows the agent's capabilities to be extended dynamically via remote code.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute belt CLI commands for user authentication (belt login), running AI models (belt app run), and processing media files. It also uses standard shell redirection to store outputs locally.
  • [PROMPT_INJECTION]: The skill exposes a potential surface for indirect prompt injection by interpolating user-provided text into the JSON payloads passed to CLI commands.
  • Ingestion points: The prompt and text fields within the --input JSON payload for belt app run commands (e.g., in SKILL.md).
  • Boundary markers: The command construction examples include no delimiters around user-provided text and no instructions to ignore embedded agent commands.
  • Capability inventory: The skill uses shell execution for model interaction, file writing, and network-based inference operations.
  • Sanitization: There is no evidence of input validation or sanitization for the strings passed to the voice generation models.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 07:30 PM
Security Audit — agent-trust-hub — ai-voice-cloning