ai-humanizer-zh

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to process external content supplied by users.
  • Ingestion points: Untrusted data enters the context via the materialText (pasted text), materialFile (uploaded documents), and materialUrl (external links) parameters defined in references/form-schema.json.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the skill's operational instructions.
  • Capability inventory: The skill utilizes scripts/run.py to transmit data to the ai-skills.ai API.
  • Sanitization: No sanitization or validation of the input content is performed within the provided client-side files.
  • [COMMAND_EXECUTION]: The skill documentation instructs users to execute a Python script (scripts/run.py) to interact with the AI Skills API. The script is a standard HTTP client wrapper.
  • [EXTERNAL_DOWNLOADS]: The Python runner makes outbound network requests to the vendor's API endpoint at https://ai-skills.ai to process user requests. This is the intended and documented behavior of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-humanizer-zh