press-release-writing
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the
beltCLI and add additional skills from npm and GitHub (e.g.,belt-sh/cliandinference-sh/skills). These resources are part of the vendor's own infrastructure. - [COMMAND_EXECUTION]: The skill utilizes the
beltCLI tool to perform research tasks, including authentication (belt login) and executing AI-powered search applications (belt app run tavily/search-assistant). These operations are used to verify statistics and claims for press releases. - [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection by processing external data from search providers.
- Ingestion points: Output from search results via
belt app runinSKILL.md. - Boundary markers: None identified in the provided examples.
- Capability inventory: Access is restricted specifically to the
beltCLI as defined in theallowed-toolsfrontmatter. - Sanitization: No automated sanitization of search results is demonstrated in the instructions.
Audit Metadata