ai-copy-editing

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a Python runner script (scripts/run.py) to facilitate interaction with the backend API. The script is used to transmit parameters and receive analysis results.
  • [DATA_EXFILTRATION]: The runner script sends user-provided content and the AISKILLS_API_KEY to the vendor's official domain (https://ai-skills.ai). This behavior is consistent with the skill's documented purpose as an API client and targets the vendor's own infrastructure.
  • [EXTERNAL_DOWNLOADS]: The Python script includes a conditional import of the certifi package to manage SSL/TLS certificate verification, which is a standard security practice for network communication.
  • [PROMPT_INJECTION]: The skill defines an interface for processing external materials via parameters like materialUrl and materialText. While these represent ingestion points for untrusted data, the script's functionality is limited to network requests to the vendor API, minimizing the risk of local exploitation via indirect prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-copy-editing