pitch-deck-visuals
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
beltCLI tool for various operations, including authentication (belt login) and executing remote applications viabelt app run. This is the standard operational mode for the associated platform. - [EXTERNAL_DOWNLOADS]: The documentation references installation instructions hosted on GitHub (
raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md). These resources are directly related to the vendor's own infrastructure and tools. - [REMOTE_CODE_EXECUTION]: The skill generates and executes Python code snippets via the
infsh/python-executorapplication. The provided code is specifically designed for rendering charts using thematplotliblibrary and does not perform any suspicious system or network operations. - [REMOTE_CODE_EXECUTION]: The skill uses
infsh/html-to-imageto render HTML/CSS into images. This is a dynamic execution of markup content provided in the instructions for visual styling. - [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists because the skill encourages the agent to interpolate data into Python and HTML templates.
- Ingestion points: The agent is expected to process pitch deck content (problem statements, traction metrics) which could be provided by users.
- Boundary markers: There are no explicit boundary markers or instructions to sanitize or escape user-provided content before inserting it into the
htmlorpythonblocks. - Capability inventory: The skill utilizes
belt app runwhich supports Python execution and HTML rendering. Access to these capabilities is restricted to the tools allowed in the frontmatter (Bash). - Sanitization: No explicit sanitization or validation of the generated code/markup is described in the skill body.
Audit Metadata