ai-content-pipeline
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches configuration and related skills from the author's public repository (github.com/inference-sh/skills).
- [COMMAND_EXECUTION]: Utilizes the belt CLI tool for media generation tasks. The skill uses the allowed-tools configuration to restrict Bash execution strictly to the belt command, which is a security best practice for minimizing the attack surface.
- [PROMPT_INJECTION]: Documents workflow patterns that process external data, creating an attack surface for indirect prompt injection.
- Ingestion points: External text from search tools or user-provided content (e.g., ) is interpolated into model prompts as shown in SKILL.md.
- Boundary markers: The workflows use JSON key-value pairs for tool inputs, providing structural separation, but they lack explicit prompt delimiters or instructions to the agent to ignore instructions embedded in the data variables.
- Capability inventory: The skill orchestrates various text-to-speech, image, and video generation models through the belt CLI, as defined in SKILL.md.
- Sanitization: No specific sanitization, filtering, or escaping of the interpolated strings is documented before the content is passed to the models in the pipeline.
Audit Metadata