customer-persona

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs users to install the belt-sh/cli and references an installation guide hosted on the author's official GitHub repository. These resources are part of the vendor's intended platform functionality.
  • [COMMAND_EXECUTION]: The skill provides examples for using the belt CLI to execute specific research and image generation tasks. The commands are well-defined and align with the persona creation use case without attempting to execute arbitrary or hidden code.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection because it processes content retrieved from external search engines (Tavily, Exa).
      • Ingestion points: Search results retrieved via belt app run from Tavily and Exa are returned to the agent context (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided command examples.
      • Capability inventory: The skill is restricted to the Bash(belt *) toolset.
      • Sanitization: Input sanitization is not explicitly handled within the skill's instructions, relying instead on the agent's internal safety filters.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 07:48 AM