product-hunt-launch
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the '@belt-sh/cli' Node.js package and provides links to installation documentation on GitHub. These resources are verified as belonging to the skill's author ('inference-sh') and are part of the intended setup process.
- [COMMAND_EXECUTION]: The skill includes instructions to use the 'belt' CLI tool for authenticating, running image generation models, and executing search queries. These commands are legitimate uses of the tool as described in the skill's purpose.
- [INDIRECT_PROMPT_INJECTION]:
  * Ingestion points: External data is ingested via search results from 'tavily/search-assistant' and 'exa/search' in SKILL.md.
  * Boundary markers: None present in the provided shell commands.
  * Capability inventory: Uses the 'belt' tool to generate images and query search indexes.
  * Sanitization: No specific sanitization or filtering of external search content is shown. While this presents an attack surface for indirect injection from the web, it is standard for research capabilities.
Audit Metadata