product-hunt-launch
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill has a potential attack surface for indirect prompt injection. \n
- Ingestion points: Untrusted data enters the context via the output of
tavily/search-assistantandexa/search(SKILL.md). \n - Boundary markers: There are no delimiters or specific instructions to the agent to ignore potentially malicious directions within the search results. \n
- Capability inventory: The skill utilizes the
infshCLI via theBashtool, allowing for the execution of various remote applications. \n - Sanitization: No evidence of data sanitization or validation is found for the content retrieved from search providers.\n- [COMMAND_EXECUTION]: The skill documentation includes multiple Bash commands using the
infshCLI to perform tasks like image generation and research, which align with the skill's stated purpose.\n- [EXTERNAL_DOWNLOADS]: The skill suggests installing tools and other skills usingnpx skills add inference-sh/skills@agent-tools, which involves downloading code from an external vendor-controlled repository.
Audit Metadata