agent-tools
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install the belt CLI tool by piping a script from https://cli.inference.sh directly to the shell.
- [EXTERNAL_DOWNLOADS]: Installation and updates involve downloading binaries and manifests from the vendor's distribution infrastructure at dist.inference.sh.
- [DATA_EXFILTRATION]: The belt CLI tool facilitates reading local media files and uploading them to the inference.sh cloud service for processing by AI models.
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute belt CLI commands for discovering and running cloud-based AI applications.
- [PROMPT_INJECTION]: The skill ingests data from external AI model outputs and local user files, creating an indirect prompt injection surface. \n
- Ingestion points: Resulting JSON and URLs from belt app run commands and local file paths. \n
- Boundary markers: No protective delimiters are specified to separate external content from agent instructions. \n
- Capability inventory: Reading local files and network communication via the belt tool. \n
- Sanitization: No explicit validation or filtering of model-generated content is described.
Audit Metadata