web-search
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by retrieving data from external websites and piping it into LLM prompts. Malicious content on a web page could potentially influence the agent's behavior.
- Ingestion points: Data enters the agent context through the
tavily/extract,exa/extract, andtavily/search-assistanttools which read external URLs and search results. - Boundary markers: The skill documentation suggests using simple placeholders like
<search-results>and<content>, but does not provide robust boundary markers or instructions to ignore embedded commands within the fetched data. - Capability inventory: The skill uses the
Bashtool and thebeltCLI to execute remote search and extraction tasks. - Sanitization: There is no evidence of sanitization or filtering of the extracted web content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to download and install the
beltCLI usingnpx skills add belt-sh/cliand references installation scripts hosted on GitHub. - [COMMAND_EXECUTION]: The skill extensively uses the
beltcommand-line tool via theBashtool to perform searches, extract data, and run remote applications on the inference.sh platform.
Audit Metadata