web-search
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references documentation and installation scripts hosted on the official GitHub repository for inference.sh.
- [COMMAND_EXECUTION]: The skill utilizes the
beltCLI tool to perform searches and content extraction. The execution environment is restricted to thebeltcommand via theallowed-toolsfrontmatter configuration. - [PROMPT_INJECTION]: The skill processes untrusted content from the web and interpolates it into LLM prompts, which is a vector for indirect prompt injection.
- Ingestion points: Data retrieved from
tavily/search-assistant,tavily/extract, andexa/extract(SKILL.md). - Boundary markers: The prompt examples use tags like
<search-results>and<content>to separate external data from instructions. - Capability inventory: Execution of the
beltcommand through theBashtool (SKILL.md). - Sanitization: The provided examples do not include explicit logic to sanitize or filter potential instructions within the retrieved web content.
Audit Metadata