ai-competitor-alternatives
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: User-provided marketing materials and project goals are sent to the vendor's API at
https://ai-skills.ai. This is the intended functional behavior of the skill and does not involve unauthorized data transit. - [COMMAND_EXECUTION]: The skill includes a script (
scripts/run.py) used to initiate API calls. Analysis of the script confirms it only performs network requests and basic job polling without any capability for arbitrary command execution. - [PROMPT_INJECTION]: The skill analyzes external data from user-supplied URLs and files. While this creates a surface for indirect prompt injection, it is managed through the skill's specific task focus and does not present an unusual security risk.
- [CREDENTIALS_UNSAFE]: Required API keys are managed via environment variables (
AISKILLS_API_KEY), which is the recommended practice for securing credentials.
Audit Metadata