customer-persona

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external CLI commands using the belt tool (via the Bash tool) to perform market research and generate images.
  • [EXTERNAL_DOWNLOADS]: The skill references an external installation script from the inference-sh GitHub repository and suggests installing the belt-sh/cli Node.js package.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) by processing untrusted data from web search results.
    • Ingestion points: Data from tavily/search-assistant, exa/search, and exa/answer tool outputs are used to populate persona templates.
    • Boundary markers: No specific delimiters are used to separate untrusted search data from the agent's instructions.
    • Capability inventory: Uses falai/flux-dev-lora for image generation and performs network-based search operations.
    • Sanitization: Search results are used directly to construct personas and prompts without prior validation or sanitization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 02:15 AM