product-hunt-launch
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an installation guide and script hosted on the vendor's official GitHub repository (inference-sh/skills).
- [COMMAND_EXECUTION]: The skill uses the 'belt' CLI tool to perform authentication and run various AI applications for image creation and web research. It also uses 'npx' to add additional skill capabilities.
- [PROMPT_INJECTION]: Potential for Indirect Prompt Injection. The skill ingests data from external web searches using 'tavily/search-assistant' and 'exa/search'. Ingestion points: Results from research queries on competitor launches and community sentiment. Boundary markers: Absent. Capability inventory: Use of the 'belt' CLI for shell and tool execution. Sanitization: No sanitization or validation of the external search content is performed before processing.
Audit Metadata