agent-tools
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documents an installation method involving downloading and executing a shell script from the vendor's official domain (cli.inference.sh). This is a standard installation pattern for the provided CLI tool.
- [COMMAND_EXECUTION]: The skill utilizes the 'belt' CLI tool for interacting with AI applications. Access to the shell is restricted via platform configuration to only allow commands prefixed with 'belt', limiting the agent's capability to the intended toolset.
- [DATA_EXFILTRATION]: The CLI tool is designed to upload local files (such as images, audio, or video) to the inference.sh cloud servers when those files are provided as inputs to AI applications. This data transmission is the primary intended function of the skill for processing local media.
- [EXTERNAL_DOWNLOADS]: The skill fetches application manifests and binary updates from the vendor's distribution infrastructure (dist.inference.sh) during setup and update operations.