book-cover-design

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches installation guidelines and skill dependencies from an untrusted third-party GitHub repository (inference-sh/skills).
  • [REMOTE_CODE_EXECUTION]: Promotes the installation and execution of the unverified 'belt' CLI tool and utilizes 'npx' to dynamically add and execute additional skills from an external source.
  • [COMMAND_EXECUTION]: Directs the agent to execute shell commands using the 'belt' utility for authentication and application execution.
  • [PROMPT_INJECTION]: Exhibits a vulnerability surface for indirect prompt injection.
      1. Ingestion points: User-provided prompts in the 'belt app run' bash blocks in SKILL.md.
      2. Boundary markers: No delimiters or escape sequences are present to isolate user input.
      3. Capability inventory: Execution of arbitrary shell commands via the 'belt' CLI.
      4. Sanitization: No input validation or sanitization is implemented for the interpolated prompt strings.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 01:03 AM
Security Audit — agent-trust-hub — book-cover-design