ai-churn-prevention

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's runner script (scripts/run.py) makes outbound network requests to ai-skills.ai (the vendor's domain) to execute skill logic and provide billing information. These operations are essential for the skill's functionality.
  • [COMMAND_EXECUTION]: Includes a Python script (scripts/run.py) designed to be executed by the user. This script serves as a bridge between the local environment and the AI Skills API, handling parameters and authentication.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from multiple external sources, creating a potential surface for indirect prompt injection attacks.
  • Ingestion points: Untrusted data enters the agent context through the materialText, materialUrl, and materialFile parameters defined in SKILL.md and references/form-schema.json.
  • Boundary markers: There are no explicit instructions or delimiters in the provided documentation to help the agent distinguish between its core instructions and embedded content in the ingested materials.
  • Capability inventory: The associated runner script (scripts/run.py) allows for network communication with the vendor's API.
  • Sanitization: No validation or sanitization logic for the content of processed files, URLs, or text snippets is implemented within the skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-churn-prevention