betly-store
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
climbing-gopackage globally from the NPM registry. This tool is the primary mechanism for the skill's functionality and is provided by the vendor. - [COMMAND_EXECUTION]: The skill performs shell command execution through the
climbing-goCLI. It maps user-provided information, such as city names and search keywords, to command-line arguments like--cityand--search. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it interpolates untrusted user input directly into CLI arguments. While this is a standard behavior for CLI-based skills, it represents a vulnerability surface if the executing agent does not perform proper shell escaping.
- Ingestion points: User phrases regarding gym locations and names processed in
SKILL.md. - Boundary markers: None present.
- Capability inventory: Execution of shell commands via the
climbing-goCLI. - Sanitization: No explicit sanitization or validation steps are defined within the skill instructions.
Audit Metadata