talking-head-production

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references installation documentation for its required CLI tool, which is hosted on the vendor's GitHub repository.
  • [COMMAND_EXECUTION]: The skill uses the belt CLI tool to perform media generation and account authentication, which is permitted by the skill's manifest configuration.
  • [REMOTE_CODE_EXECUTION]: Documentation provides instructions for installing supplementary skill modules using the npx skills add command, which downloads content from the vendor's official repository.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection via user-provided text inputs for audio and video generation.
      • Ingestion points: Text prompts provided in JSON payloads to the belt app run command for generating narration or portraits (SKILL.md).
      • Boundary markers: Input data is encapsulated within structured JSON objects to separate instructions from data.
      • Capability inventory: The skill utilizes the belt CLI tool for media synthesis and processing.
      • Sanitization: Standard tool-level validation is expected; no custom sanitization steps are defined in the instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 02:47 AM