competitor-teardown

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the belt CLI to execute various modular applications for automated research, including web search assistants and browser agents. This behavior is central to the skill's stated purpose of competitive intelligence.
  • [EXTERNAL_DOWNLOADS]: The documentation references installing the belt-sh/cli via npx and adding additional skills from the inference-sh ecosystem. These are recognized as legitimate vendor resources from the skill's authoring environment.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests and processes content from external websites and search results. This untrusted data enters the agent's context where capabilities like Python execution are available.
  • Ingestion points: Search results from tavily/search-assistant and exa/search, and website extractions via tavily/extract.
  • Boundary markers: None identified in the provided templates; external content is interpolated directly into prompts.
  • Capability inventory: Shell command execution via belt and Python execution via infsh/python-executor.
  • Sanitization: No validation or escaping of external search data was found in the documentation templates.
  • [COMMAND_EXECUTION]: The skill uses infsh/python-executor to run a static Python script for generating positioning maps. The script uses the matplotlib library and does not perform dangerous system operations.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 05:22 AM
Security Audit — agent-trust-hub — competitor-teardown