ai-co-marketing

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements a Python runner script (scripts/run.py) that acts as a secure bridge to the https://ai-skills.ai API. It uses environment variables for authentication and standard libraries for network communication, adhering to best practices for API-based tools.
  • [PROMPT_INJECTION]: The skill accepts user-supplied data via text, file uploads, and external URLs, which represents a potential indirect prompt injection surface. This is a standard architectural feature for this use case and is considered safe.
  • Ingestion points: materialText, materialFile, and materialUrl fields in references/form-schema.json.
  • Boundary markers: No explicit delimiters are present in the client-side files; safety relies on the backend LLM processing.
  • Capability inventory: The skill calls the AI Skills execution API.
  • Sanitization: Inputs are handled as standard parameters without client-side modification before being sent to the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-co-marketing