ai-crm-cleanup

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python runner script (scripts/run.py) designed to facilitate authenticated communication with the backend service.
  • [EXTERNAL_DOWNLOADS]: The skill performs legitimate network operations to its primary service domain (ai-skills.ai). It also provides functionality to ingest content from external, user-provided URLs via the materialUrl parameter.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from various inputs, which presents a surface for indirect prompt injection.
  • Ingestion points: Data can be provided via text, file uploads, or URLs through the parameters defined in references/form-schema.json.
  • Boundary markers: No specific delimiters or safety instructions to ignore embedded content are defined in the skill's instructions.
  • Capability inventory: The script performs network requests to the vendor's API and handles resulting JSON data.
  • Sanitization: No input escaping or sanitization is performed in the runner script before data is transmitted to the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-crm-cleanup