linkedin-content
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and encourages downloading installation resources and configuration from a remote repository at
raw.githubusercontent.com/inference-sh/skills/. - [COMMAND_EXECUTION]: The skill instructs the user to execute commands using the
beltCLI andnpx, includingbelt loginfor authentication andbelt app runto execute remote services liketavily/search-assistantandx/post-create. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface.
- Ingestion points: External data is brought into the agent's context through the
tavily/search-assistanttool which retrieves web content (SKILL.md). - Boundary markers: There are no explicit markers or instructions provided to the agent to treat the ingested data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill can perform external write operations via
x/post-createand content generation throughinfsh/html-to-image(SKILL.md). - Sanitization: No validation or sanitization processes are described for the data retrieved from external tools before it is processed by other components.
Audit Metadata