product-hunt-launch
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill points users to installation instructions for the 'belt' CLI hosted on the author's GitHub repository ('github.com/inference-sh/skills'). These references are consistent with the vendor's own infrastructure and intended functionality.
- [COMMAND_EXECUTION]: The instructions include several Bash commands using the 'belt' utility. These commands are used to run specific applications (like 'falai/flux-dev-lora' for images or 'tavily/search-assistant' for research), which aligns with the skill's stated purpose of optimizing product launches.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill uses tools ('tavily/search-assistant', 'exa/search') that fetch data from external websites into the agent's context.
- Boundary markers: None explicitly defined in the provided command examples.
- Capability inventory: The skill has access to the 'Bash' tool to execute 'belt' commands.
- Sanitization: There is no evidence of sanitization for data retrieved from external search tools. While this creates an attack surface for indirect prompt injection from malicious search results, the risk is minimal given the specialized context of Product Hunt research.
Audit Metadata