ai-competitor-alternatives

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: User-provided marketing materials and project goals are sent to the vendor's API at https://ai-skills.ai. This is the intended functional behavior of the skill and does not involve unauthorized data transit.
  • [COMMAND_EXECUTION]: The skill includes a script (scripts/run.py) used to initiate API calls. Analysis of the script confirms it only performs network requests and basic job polling without any capability for arbitrary command execution.
  • [PROMPT_INJECTION]: The skill analyzes external data from user-supplied URLs and files. While this creates a surface for indirect prompt injection, it is managed through the skill's specific task focus and does not present an unusual security risk.
  • [CREDENTIALS_UNSAFE]: Required API keys are managed via environment variables (AISKILLS_API_KEY), which is the recommended practice for securing credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-competitor-alternatives