press-release-writing
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill researches information via external search tools (Tavily, Exa), creating a surface for indirect prompt injection.
- Ingestion points: External data is retrieved via
belt app runcommands and processed within the agent context (SKILL.md). - Boundary markers: The instructions do not provide explicit delimiters or guidance to ignore malicious instructions within the research results.
- Capability inventory: The agent is granted
Bash(belt *)permissions, allowing network interaction and tool execution. - Sanitization: There is no documented validation or filtering of the content retrieved from search queries.
- [EXTERNAL_DOWNLOADS]: The skill references the 'belt' CLI and related skills from official repositories. These are standard dependencies for the skill's research-based features.
- [COMMAND_EXECUTION]: The skill uses
beltcommands for authentication and running search modules, which is consistent with its stated purpose.
Audit Metadata