account-research-sales-card
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill's runner script (
scripts/run.py) transmits user-provided parameters and a project-specific API key tohttps://ai-skills.ai. This behavior is documented in the skill's metadata and is required for the skill to function with its backend service. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from multiple sources (pasted text, uploaded files, and external URLs) to generate sales insights. This establishes a surface for indirect prompt injection attacks.
- Ingestion points: Data enters through the
targetAccountInfo,accountResearchFile, andaccountSourceUrlfields defined inreferences/form-schema.json. - Boundary markers: No explicit instruction delimiters or markers are present to separate user-provided data from system instructions.
- Capability inventory: The skill utilizes
scripts/run.pyto perform network operations (HTTPS POST requests) to the provider's API. - Sanitization: No input sanitization or validation of the ingested content was observed in the scripts.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The execution script
scripts/run.pyoptionally imports thecertifipackage to provide a valid CA bundle for secure SSL certificate verification.
Audit Metadata