ai-crm-cleanup
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python runner script (
scripts/run.py) designed to facilitate authenticated communication with the backend service. - [EXTERNAL_DOWNLOADS]: The skill performs legitimate network operations to its primary service domain (
ai-skills.ai). It also provides functionality to ingest content from external, user-provided URLs via thematerialUrlparameter. - [PROMPT_INJECTION]: The skill ingests untrusted data from various inputs, which presents a surface for indirect prompt injection.
- Ingestion points: Data can be provided via text, file uploads, or URLs through the parameters defined in
references/form-schema.json. - Boundary markers: No specific delimiters or safety instructions to ignore embedded content are defined in the skill's instructions.
- Capability inventory: The script performs network requests to the vendor's API and handles resulting JSON data.
- Sanitization: No input escaping or sanitization is performed in the runner script before data is transmitted to the API.
Audit Metadata