ai-content-creator
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a standalone Python runner script (
scripts/run.py) designed to be executed by the user. This script handles parameter processing and manages the interaction with the remote AI service. - [EXTERNAL_DOWNLOADS]: The
scripts/run.pyscript performs network requests tohttps://ai-skills.aito transmit data to the API and receive processed results. This is the intended behavior for the skill's core functionality. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its requirement to process and analyze untrusted external data.
- Ingestion points: Untrusted data enters the agent context via the
materialText,materialUrl, andmaterialFileparameters defined inreferences/form-schema.json. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided configuration files to protect the model from malicious content within inputs.
- Capability inventory: The skill utilizes network communication capabilities through its Python runner to reach the
ai-skills.aiendpoint. - Sanitization: There is no evidence of client-side validation or sanitization of the input data before it is sent to the backend service.
Audit Metadata