ai-educational-research-methods

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill's primary activity is sending research data to a verified vendor domain (ai-skills.ai), which aligns with its documented purpose. It securely manages API keys through environment variables.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted input from external URLs, files, and text.\n
  • Ingestion points: Data enters via the materialUrl, materialFile, and materialText parameters in SKILL.md.\n
  • Boundary markers: No specific delimiters are used to separate user-provided content from the system prompt.\n
  • Capability inventory: The skill can perform network operations to a remote API using scripts/run.py.\n
  • Sanitization: No client-side validation or sanitization of the input content is observed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-educational-research-methods