Skills
skills/skills-shell/skills/customer-persona/Gen Agent Trust Hub

customer-persona

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references external resources for installation and functionality, including an NPM package (belt-sh/cli) and a GitHub-hosted installation guide (inference-sh/skills). These resources are part of the ecosystem of the tool described in the skill.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute belt CLI commands via the Bash tool to perform market research and generate AI images (SKILL.md).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external sources.
  • Ingestion points: Data enters the context from the output of web search and search-assistant tools (SKILL.md).
  • Boundary markers: While the persona template provides structure, there are no specific delimiters or instructions used to isolate or ignore potentially malicious instructions embedded in the external search results.
  • Capability inventory: The skill has access to the Bash tool which can execute system commands via the belt CLI.
  • Sanitization: No explicit sanitization or filtering of the external research data is described before it is integrated into the persona creation process.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 10:16 AM