ai-email-sequence

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill communicates with an external API hosted at https://ai-skills.ai. This is the documented and intended communication channel for the assistant's functionality.
  • [COMMAND_EXECUTION]: A Python runner script (scripts/run.py) is included to facilitate API requests. The script utilizes standard Python modules such as urllib.request and json, following secure practices for network communication and authentication.
  • [CREDENTIALS_UNSAFE]: The skill correctly instructs users to provide sensitive credentials, specifically the AISKILLS_API_KEY, through environment variables rather than hardcoding them in the source code.
  • [PROMPT_INJECTION]: The skill is designed to process external content provided via URL or direct text input, creating a potential surface for indirect prompt injection.
  • Ingestion points: Data enters through the materialUrl, materialFile, and materialText parameters defined in references/form-schema.json.
  • Boundary markers: No specific delimiters or warnings are used to isolate untrusted user content within the instructions.
  • Capability inventory: The skill's capabilities are restricted to making network requests to the vendor's API via scripts/run.py.
  • Sanitization: There is no local sanitization of the input data before it is sent to the API.
  • Analysis: Given that the skill lacks dangerous local capabilities such as arbitrary command execution or access to sensitive system files, the risk associated with this injection surface is minimal and consistent with the tool's primary purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-email-sequence