customer-persona
Warn
Audited by Snyk on Jun 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The required runtime workflow uses belt app run tavily/search-assistant/exa/search/exa/answer, which fetches and ingests public web content (outsider-authored text) into the agent’s LLM context via the search/answer results.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill invokes remote apps at runtime via the inference.sh belt CLI (e.g., belt app run tavily/search-assistant and belt app run falai/flux-dev-lora) and points to the installer at https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md and the service https://inference.sh, so external content/code is fetched/executed at runtime and can directly control prompts and outputs.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).