ai-baoyu-wechat-summary
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides usage examples in
SKILL.mdfor running a Python-based utility script to process data via the API. - [DATA_EXFILTRATION]: The Python runner (
scripts/run.py) transmits text, files, and URLs to the vendor's API atai-skills.aifor processing. This is the intended functional behavior of the skill and uses the vendor's own infrastructure. - [EXTERNAL_DOWNLOADS]: The
scripts/run.pyscript includes code to optionally utilize thecertifipackage for secure SSL certificate management when making API calls. - [PROMPT_INJECTION]: The skill is designed to process external documents and links, which inherently presents an indirect prompt injection surface. However, the provided runner script does not have access to sensitive local files or the ability to execute arbitrary system commands, mitigating potential risks.
Audit Metadata