agent-tools
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup instructions include a common installation pattern that pipes a shell script from the vendor's domain (https://cli.inference.sh) directly into the shell. A more secure manual installation method involving checksum verification is also provided as an alternative.
- [COMMAND_EXECUTION]: The skill is configured to use the Bash tool to execute the belt CLI, allowing the agent to manage apps, search the store, and run AI tasks locally.
- [DATA_EXFILTRATION]: The CLI tool includes built-in functionality to upload local files to the inference.sh cloud (e.g., cloud.inference.sh) when a local file path is provided in place of a URL for processing tasks such as image upscaling or video generation.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it can ingest untrusted data from the web using search tools (such as Tavily or Exa) and process that data through AI models, potentially influencing subsequent agent actions.
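The checksum-verified alternative to the curl-pipe-sh pattern, as an added illustration that is not part of this audit, the skill, or the vendor's installer: the function below refuses to execute a downloaded script unless its SHA-256 digest matches a value obtained out of band. The page does not state where the vendor publishes its digest or what the installer file is named, so both are assumptions and the expected digest is passed in by the caller; the demo runs against a constructed stand-in script rather than the real installer.

```shell
#!/bin/sh
# Added example: verify a downloaded installer's SHA-256 before executing it.
# Illustrative code only; not the vendor's installer or documentation. The
# digest source and installer filename for cli.inference.sh are not given on
# this page, so the expected digest is an argument supplied by the caller.

set -u

# Print the SHA-256 hex digest of a file, using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_and_run FILE EXPECTED_SHA256
# Runs FILE with sh only if its digest matches EXPECTED_SHA256 (hex, any case).
# Returns 1 without executing anything on mismatch.
verify_and_run() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        printf 'checksum mismatch for %s\n  expected %s\n  actual   %s\n' \
            "$file" "$expected" "$actual" >&2
        return 1
    fi
    sh "$file"
}

# Weak pattern flagged in the audit (shown for contrast, not executed here):
#   curl -fsSL https://cli.inference.sh | sh
# Hardened pattern using the function above (filename is an assumption):
#   curl -fsSLo install.sh https://cli.inference.sh
#   verify_and_run install.sh "<digest obtained out of band>"

# demo: constructed stand-in installer, genuine and tampered. Returns 0 when the
# genuine file is executed and the tampered file is refused, 1 otherwise.
demo() {
    dir=$(mktemp -d)
    printf 'echo "installer ran"\n' > "$dir/install.sh"
    digest=$(sha256_of "$dir/install.sh")

    # Genuine file: digest matches, script runs.
    verify_and_run "$dir/install.sh" "$digest" >/dev/null || { rm -rf "$dir"; return 1; }

    # Tampered file: appended payload changes the digest, so execution is refused.
    printf 'echo "attacker payload"\n' >> "$dir/install.sh"
    if verify_and_run "$dir/install.sh" "$digest" >/dev/null 2>&1; then
        rm -rf "$dir"; return 1
    fi
    rm -rf "$dir"
    return 0
}
```

The check only helps if the expected digest comes from a channel the attacker who could tamper with the download cannot also control, for instance a signed release note rather than a file served next to the installer on the same host.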
Audit Metadata