Skills
skills/inference-sh-skills/skills/product-hunt-launch/Gen Agent Trust Hub

product-hunt-launch

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the belt CLI and Bash tool to execute specialized applications for image generation, image stitching, and web searching. These commands are consistent with the skill's stated purpose and leverage the author's infrastructure.
  • [EXTERNAL_DOWNLOADS]: The skill references documentation and additional skills hosted on the vendor's GitHub repository (inference-sh/skills) and suggests using npx to manage dependencies. These external references are appropriate for the author's ecosystem.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by instructing the agent to process data from external search providers (tavily/search-assistant and exa/search) without implementing safeguards against malicious content embedded in those results.
  • Ingestion points: External data enters the context via the tavily/search-assistant and exa/search tools as described in SKILL.md.
  • Boundary markers: The skill does not define specific delimiters or "ignore instructions" prompts to isolate data returned from search tools.
  • Capability inventory: The skill is permitted to use the Bash tool and the belt CLI, providing a mechanism for command execution should the agent follow malicious instructions from search data.
  • Sanitization: No validation or sanitization of search tool output is documented.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 06:44 AM
Security Audit — agent-trust-hub — product-hunt-launch