press-release-writing
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from external search providers (Tavily and Exa) to assist with research and fact-checking. This creates a surface for indirect prompt injection where malicious content from the web could potentially influence the agent's writing or behavior.
- Ingestion points: SKILL.md (via
infsh app runtool calls for research and market data). - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded prompts within the retrieved search data.
- Capability inventory: Access to
Bash(infsh *)for executing search queries and platform commands. - Sanitization: No explicit sanitization or validation of the external content is described before it is used in the writing process.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
inference.shCLI and additional extensions usingnpx skills add inference-sh/skills@agent-tools. These resources are part of the vendor's infrastructure (tul-sh) and are used to provide the research and fact-checking capabilities described in the documentation. - [COMMAND_EXECUTION]: The skill requires access to the
Bashtool to executeinfshcommands. These commands are used for session management (infsh login) and running research applications (infsh app run) to support the press release writing workflow.
Audit Metadata