product-hunt-launch
Warn
Audited by Snyk on May 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow includes “Research competitor launches / Community sentiment” via "belt app run tavily/search-assistant" and "belt app run exa/search", which fetch public web pages/search results and feed their extracted text into the agent’s LLM context (outsider-authored free text from the web).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires and invokes the inference.sh "belt" CLI (https://inference.sh and its install script at https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md) and runs remote apps via "belt app run" and npx installs, which execute remote code and supply/handle prompts at runtime, so this is a runtime external dependency that directly controls prompts/executes code.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata