newsletter-curation
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references installation instructions and related modular skills from the author's official GitHub repository (
github.com/inference-sh/skills). These are verified vendor resources. - [COMMAND_EXECUTION]: Utilizes the
beltCLI tool to run specific applications for web searching (Tavily, Exa), image generation, and social media management. The usage is constrained to the tool's intended functionality within theBash(belt *)scope. - [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface by design, as it fetches and processes content from external websites (news, blogs, forums).
- Ingestion points: Data retrieved from the internet via
tavily/search-assistantandexa/searchtools. - Boundary markers: Absent; there are no specific delimiters or instructions provided to the agent to disregard instructions potentially embedded in the sourced content.
- Capability inventory: The skill has access to the
beltCLI for running further applications and performing social media posts (x/post-create). - Sanitization: Absent; the agent is expected to read and summarize the fetched content directly into the newsletter format.
Audit Metadata