ai-high-end-visual-design

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill collects user inputs (text, files, and URLs) and transmits them to the official AI Skills API (https://ai-skills.ai) for processing. This transmission is the core functionality of the skill as documented.
  • [EXTERNAL_DOWNLOADS]: The execution script scripts/run.py includes an optional dependency on the certifi Python package to manage SSL certificates for secure communication, which is a standard security practice.
  • [COMMAND_EXECUTION]: No arbitrary command execution was identified. The skill uses a dedicated Python script for API interaction without invoking shell subprocesses or external binaries.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (URLs and user-submitted text) which represents a potential surface for indirect prompt injection. This is a standard risk for LLM-based diagnostic tools and is mitigated by the platform's architectural design. Evidence chain: 1. Ingestion points: materialText, materialFile, materialUrl (references/form-schema.json). 2. Boundary markers: None identified in client-side scripts. 3. Capability inventory: Network POST to vendor API (scripts/run.py). 4. Sanitization: Input is structured via JSON before transmission.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-high-end-visual-design