Skills
skills/infsh-skills/skills/p-video/Gen Agent Trust Hub

p-video

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool but limits the execution scope to the belt command through the allowed-tools frontmatter field. This follows the principle of least privilege by restricting the agent's shell access.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation references installation scripts and related tools hosted on the vendor's official GitHub organization (inference-sh). These resources are used for legitimate setup and feature discovery.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by accepting user-provided text for video generation. (1) Ingestion points: User prompts and media URLs are passed as arguments to the belt CLI. (2) Boundary markers: Input data is structured within a JSON object. (3) Capability inventory: Shell access is confined to the belt command. (4) Sanitization: No specific input sanitization is documented in the instructions, but the restricted tool scope mitigates the risk of command injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 01:08 AM