ai-customer-review-aggregator

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Provides a Python script (scripts/run.py) to facilitate interaction with the AI Skills API.
  • [EXTERNAL_DOWNLOADS]: Ingests data from external URLs provided in the materialUrl parameter for analysis.
  • [DATA_EXFILTRATION]: Transmits input data and the AISKILLS_API_KEY to https://ai-skills.ai for processing, which is the intended functionality.
  • [PROMPT_INJECTION]: Processes untrusted external content from URLs, files, or text blocks, creating a surface for indirect prompt injection.
  • Ingestion points: materialText, materialFile, and materialUrl in SKILL.md and references/form-schema.json.
  • Boundary markers: Absent.
  • Capability inventory: Network requests to ai-skills.ai via scripts/run.py.
  • Sanitization: Absent in the provided scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-customer-review-aggregator