landing-page-design
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references external installation instructions and CLI tools hosted on GitHub and the inference.sh domain.
- Evidence: Provides instructions to install the
belt-sh/cliand points tohttps://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.mdfor setup. - [COMMAND_EXECUTION]: The skill uses the
beltCLI tool to execute various tasks including image generation and search queries. - Evidence: Includes multiple code blocks utilizing
belt app runwith various models (falai/flux-dev-lora,tavily/search-assistant,exa/answer). - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its reliance on external data retrieval tools.
- Ingestion points: The skill uses
tavily/search-assistantandexa/answerto fetch live data from the web. - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between internal instructions and potentially adversarial content within the search results.
- Capability inventory: The skill is configured with
Bash(belt *)access, allowing the agent to execute commands based on potentially influenced outputs. - Sanitization: There are no apparent sanitization or validation steps for the data returned from external searches.
Audit Metadata