newsletter-curation
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install an external toolset using
npx skills add belt-sh/cliand references installation guidelines hosted athttps://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md. It also suggests adding supplemental skills from theinference-shorganization. - [COMMAND_EXECUTION]: The provided instructions utilize the
beltCLI tool to perform authentication (belt login) and execute remote applications such astavily/search-assistant,exa/search, andx/post-createfor content sourcing and social media distribution. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external content from search engines.
- Ingestion points: Untrusted data enters the agent context through the outputs of
tavily/search-assistantandexa/searchas demonstrated inSKILL.md. - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed search results.
- Capability inventory: The skill operates within an environment where the
beltCLI can perform network operations and post to social media platforms (x/post-create). - Sanitization: No evidence of content sanitization or validation is present before the external data is used for newsletter drafting.
Audit Metadata