app-store-screenshots
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of external components, specifically the `belt-sh/cli` and documentation from the `inference-sh` GitHub organization. These are standard dependencies for the associated service.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by interpolating user-provided text into the `prompt` argument of CLI commands (e.g., `belt app run`). While the Bash tool is restricted to the `belt` command, untrusted input could attempt to influence the agent's behavior.
  - Ingestion points: User-provided prompts used as input for the `belt` CLI tool in `SKILL.md` examples.
  - Boundary markers: No delimiters or safety instructions are included to isolate user input from the rest of the command.
  - Capability inventory: The skill uses the `Bash` tool, restricted to `belt *` commands via `allowed-tools` configuration.
  - Sanitization: The provided examples do not include input validation or sanitization of the strings passed to the CLI tool.
Audit Metadata