ai-educational-research-methods
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary activity is sending research data to a verified vendor domain (ai-skills.ai), which aligns with its documented purpose. It securely manages API keys through environment variables.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted input from external URLs, files, and text.\n
- Ingestion points: Data enters via the
materialUrl,materialFile, andmaterialTextparameters inSKILL.md.\n - Boundary markers: No specific delimiters are used to separate user-provided content from the system prompt.\n
- Capability inventory: The skill can perform network operations to a remote API using
scripts/run.py.\n - Sanitization: No client-side validation or sanitization of the input content is observed.
Audit Metadata