ai-high-end-visual-design
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill collects user inputs (text, files, and URLs) and transmits them to the official AI Skills API (https://ai-skills.ai) for processing. This transmission is the core functionality of the skill as documented.
- [EXTERNAL_DOWNLOADS]: The execution script scripts/run.py includes an optional dependency on the certifi Python package to manage SSL certificates for secure communication, which is a standard security practice.
- [COMMAND_EXECUTION]: No arbitrary command execution was identified. The skill uses a dedicated Python script for API interaction without invoking shell subprocesses or external binaries.
- [PROMPT_INJECTION]: The skill processes untrusted external data (URLs and user-submitted text) which represents a potential surface for indirect prompt injection. This is a standard risk for LLM-based diagnostic tools and is mitigated by the platform's architectural design. Evidence chain: 1. Ingestion points: materialText, materialFile, materialUrl (references/form-schema.json). 2. Boundary markers: None identified in client-side scripts. 3. Capability inventory: Network POST to vendor API (scripts/run.py). 4. Sanitization: Input is structured via JSON before transmission.
Audit Metadata