ai-copy-editing
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a Python runner script (
scripts/run.py) to facilitate interaction with the backend API. The script is used to transmit parameters and receive analysis results. - [DATA_EXFILTRATION]: The runner script sends user-provided content and the
AISKILLS_API_KEYto the vendor's official domain (https://ai-skills.ai). This behavior is consistent with the skill's documented purpose as an API client and targets the vendor's own infrastructure. - [EXTERNAL_DOWNLOADS]: The Python script includes a conditional import of the
certifipackage to manage SSL/TLS certificate verification, which is a standard security practice for network communication. - [PROMPT_INJECTION]: The skill defines an interface for processing external materials via parameters like
materialUrlandmaterialText. While these represent ingestion points for untrusted data, the script's functionality is limited to network requests to the vendor API, minimizing the risk of local exploitation via indirect prompt injection.
Audit Metadata