app-store-screenshots

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of external components, specifically the belt-sh/cli and documentation from the inference-sh GitHub organization. These are standard dependencies for the associated service.
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by interpolating user-provided text into the prompt argument of CLI commands (e.g., belt app run). While the Bash tool is restricted to the belt command, untrusted input could attempt to influence the agent's behavior.
  • Ingestion points: User-provided prompts used as input for the belt CLI tool in SKILL.md examples.
  • Boundary markers: No delimiters or safety instructions are included to isolate user input from the rest of the command.
  • Capability inventory: The skill uses the Bash tool, restricted to belt * commands via allowed-tools configuration.
  • Sanitization: The provided examples do not include input validation or sanitization of the strings passed to the CLI tool.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 11:31 PM
Security Audit — agent-trust-hub — app-store-screenshots