ai-automation-workflows

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits several indirect prompt injection surfaces where external or untrusted data is interpolated directly into LLM prompts.
  • Ingestion points: In data_processing.sh, local file contents are read via cat $file. In content_pipeline.sh, search results from an external assistant are stored in $RESEARCH. In conditional_workflow.sh, user-provided $INPUT_TEXT is used.
  • Boundary markers: No delimiters (such as XML tags or markdown code blocks) separate the ingested data from the system instructions, and no instruction tells the model to ignore directives that appear inside the data.
  • Capability inventory: The skill uses belt app run to call various AI models and services, and subprocess.run in Python to execute system commands.
  • Sanitization: No input validation or sanitization is performed on the ingested data before prompt interpolation.
  • [EXTERNAL_DOWNLOADS]: The documentation references external installation scripts and additional skills hosted on the inference-sh GitHub organization.
  • Evidence: References to https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md for CLI installation and several npx skills add commands for related functionality.
  • [COMMAND_EXECUTION]: The skill is primarily composed of shell scripts (Bash) and Python scripts that execute the belt CLI tool to perform AI operations, which is the intended purpose of the automation workflow templates.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 10:14 PM