press-release-writing
Warn
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'belt' CLI from an external GitHub repository (inference-sh/skills) that is not included in the trusted vendor list.
- [REMOTE_CODE_EXECUTION]: Instructions guide the agent to install additional skills from unverified third-party sources using 'npx skills add'.
- [DATA_EXFILTRATION]: The skill performs network requests to non-whitelisted domains including inference.sh, tavily.com, and exa.ai to fetch research data.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute 'belt' commands for searching, fact-checking, and account authentication ('belt login').
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion of untrusted data from external search providers.
- Ingestion points: Results from tavily/search-assistant and exa/search tools in SKILL.md.
- Boundary markers: No delimiters or protective instructions are used for the external content.
- Capability inventory: The skill has permission to execute shell commands via the Bash tool.
- Sanitization: No evidence of validation or filtering of external input before it is processed by the agent.
Audit Metadata