ai-content-writer

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Potential for indirect prompt injection due to the ingestion of untrusted external data.
  • Ingestion points: The skill accepts untrusted data through the materialUrl, materialFile, and materialText parameters defined in SKILL.md and references/form-schema.json.
  • Boundary markers: The instructions lack explicit delimiters or instructions to treat external input as data only, increasing the risk that the model might follow malicious instructions embedded in the processed materials.
  • Capability inventory: The skill includes a script (scripts/run.py) that performs network operations to https://ai-skills.ai to process the ingested data.
  • Sanitization: No evidence of input validation or sanitization is present for external content before it is interpolated into the context.
  • [COMMAND_EXECUTION]: The skill provides a Python script (scripts/run.py) intended for executing the skill via an API.
  • The script uses standard libraries to handle environment variables and perform HTTP requests to the vendor's domain. It does not perform unsafe subprocess calls or facilitate arbitrary system command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-content-writer