case-study-writing
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from external search tools. \n
- Ingestion points: Content is retrieved from
tavily/search-assistant,exa/search, andexa/answerinSKILL.md. \n - Boundary markers: No delimiters or instructions are used to separate external content or warn the agent about embedded commands. \n
- Capability inventory: The skill utilizes
Bash(belt *)for shell operations, file writing, and arbitrary Python execution viainfsh/python-executor. \n - Sanitization: No validation or filtering is applied to data from external searches. \n- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
beltCLI and references installation scripts on the vendor's GitHub repository. \n- [COMMAND_EXECUTION]: The skill utilizes thebeltutility to execute research tools and data processing tasks. \n- [REMOTE_CODE_EXECUTION]: The skill executes dynamically generated Python code via an executor tool to create visual charts.
Audit Metadata