ai-baoyu-wechat-summary

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides usage examples in SKILL.md for running a Python-based utility script to process data via the API.
  • [DATA_EXFILTRATION]: The Python runner (scripts/run.py) transmits text, files, and URLs to the vendor's API at ai-skills.ai for processing. This is the intended functional behavior of the skill and uses the vendor's own infrastructure.
  • [EXTERNAL_DOWNLOADS]: The scripts/run.py script includes code to optionally utilize the certifi package for secure SSL certificate management when making API calls.
  • [PROMPT_INJECTION]: The skill is designed to process external documents and links, which inherently presents an indirect prompt injection surface. However, the provided runner script does not have access to sensitive local files or the ability to execute arbitrary system commands, mitigating potential risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-baoyu-wechat-summary