web-search

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the vendor's CLI tool ('belt-sh/cli') and fetches configuration documentation from the official 'inference-sh' GitHub repository. These actions use recognized vendor resources and are standard for the skill's setup.
  • [COMMAND_EXECUTION]: The skill utilizes the 'belt' CLI for performing web searches and extracting data. These command patterns are focused on the skill's core functionality and do not exhibit suspicious behavior such as privilege escalation or persistence.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from the internet via search and extraction tools. While instructions hidden in web content could attempt to influence the agent, this is an inherent risk of web-scraping functionality.
      • Ingestion points: Content is ingested from external URLs via 'tavily/extract' and 'exa/extract' (as seen in 'SKILL.md').
      • Boundary markers: No specific delimiters or safety instructions are demonstrated in the example workflows to isolate untrusted web content.
      • Capability inventory: The 'belt' tool is used to execute web searches and can pipe data to other applications or LLM models (e.g., 'openrouter/claude-sonnet-45' in 'SKILL.md').
      • Sanitization: The skill does not show evidence of sanitizing or filtering the content retrieved from external websites before further processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 01:22 AM