landing-page-design
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a CLI installation guide hosted on the vendor's GitHub repository at https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md.
- [COMMAND_EXECUTION]: The skill utilizes the 'belt' command-line interface to execute various AI applications for image generation and competitor research. It also provides examples for managing additional skills via 'npx'.
- [PROMPT_INJECTION]: The skill processes untrusted web data retrieved via search applications, which presents a surface for indirect prompt injection. * Ingestion points: Data enters the context through the tavily/search-assistant and exa/answer tools. * Boundary markers: The provided instructions do not include specific delimiters or 'ignore' commands for the retrieved external data. * Capability inventory: The skill uses subprocess commands via the 'belt' CLI and skill management via 'npx'. * Sanitization: No content sanitization or validation of the search results is implemented.
Audit Metadata