ai-customer-pulse
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection due to its processing of untrusted external content.\n
- Ingestion points: User-supplied data is ingested via the
materialText,materialFile, andmaterialUrlparameters as defined inreferences/form-schema.json.\n - Boundary markers: The instructions do not specify delimiters or warnings for the agent to ignore instructions contained within the analyzed materials.\n
- Capability inventory: The skill utilizes a Python script (
scripts/run.py) to transmit ingested data to the vendor's API atai-skills.ai.\n - Sanitization: No evidence of input validation, filtering, or escaping for the external content is present in the analyzed files.\n- [EXTERNAL_DOWNLOADS]: The skill performs network operations and references external information sources.\n
- The script
scripts/run.pymakes network requests to the vendor's domainai-skills.aito execute its core functionality.\n - Skill metadata in
references/skill.jsonreferences resources fromskillsmp.comand the trusted organization repositoryanthropics/knowledge-work-plugins.
Audit Metadata