press-release-writing

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install the belt CLI and add additional skills from npm and GitHub (e.g., belt-sh/cli and inference-sh/skills). These resources are part of the vendor's own infrastructure.
  • [COMMAND_EXECUTION]: The skill utilizes the belt CLI tool to perform research tasks, including authentication (belt login) and executing AI-powered search applications (belt app run tavily/search-assistant). These operations are used to verify statistics and claims for press releases.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection by processing external data from search providers.
  • Ingestion points: Output from search results via belt app run in SKILL.md.
  • Boundary markers: None identified in the provided examples.
  • Capability inventory: Access is restricted specifically to the belt CLI as defined in the allowed-tools frontmatter.
  • Sanitization: No automated sanitization of search results is demonstrated in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:46 PM