competitor-teardown
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
beltCLI to execute various modular applications for automated research, including web search assistants and browser agents. This behavior is central to the skill's stated purpose of competitive intelligence. - [EXTERNAL_DOWNLOADS]: The documentation references installing the
belt-sh/clivianpxand adding additional skills from theinference-shecosystem. These are recognized as legitimate vendor resources from the skill's authoring environment. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests and processes content from external websites and search results. This untrusted data enters the agent's context where capabilities like Python execution are available.
- Ingestion points: Search results from
tavily/search-assistantandexa/search, and website extractions viatavily/extract. - Boundary markers: None identified in the provided templates; external content is interpolated directly into prompts.
- Capability inventory: Shell command execution via
beltand Python execution viainfsh/python-executor. - Sanitization: No validation or escaping of external search data was found in the documentation templates.
- [COMMAND_EXECUTION]: The skill uses
infsh/python-executorto run a static Python script for generating positioning maps. The script uses thematplotliblibrary and does not perform dangerous system operations.
Audit Metadata