ai-humanizer-zh
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to process external content supplied by users.
- Ingestion points: Untrusted data enters the context via the
materialText(pasted text),materialFile(uploaded documents), andmaterialUrl(external links) parameters defined inreferences/form-schema.json. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the skill's operational instructions.
- Capability inventory: The skill utilizes
scripts/run.pyto transmit data to theai-skills.aiAPI. - Sanitization: No sanitization or validation of the input content is performed within the provided client-side files.
- [COMMAND_EXECUTION]: The skill documentation instructs users to execute a Python script (
scripts/run.py) to interact with the AI Skills API. The script is a standard HTTP client wrapper. - [EXTERNAL_DOWNLOADS]: The Python runner makes outbound network requests to the vendor's API endpoint at
https://ai-skills.aito process user requests. This is the intended and documented behavior of the skill.
Audit Metadata