product-hunt-launch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using the belt CLI to run web/search apps (e.g., "belt app run tavily/search-assistant" and "belt app run exa/search" in the Quick Start and Research for Preparation sections) to fetch public Product Hunt and web content that the agent is expected to read and use to shape launch strategy, so untrusted third‑party pages could indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires and invokes the inference.sh CLI (https://inference.sh) via belt app run commands (e.g., running falai/flux-dev-lora), which contacts the inference.sh service at runtime to execute remote apps/models, so external content at that URL is relied on and causes remote code/model execution.