ai-image
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (text, files, and URLs) to generate visual diagnoses. This creates a surface for indirect prompt injection.
- Ingestion points: Data enters the system via the
materialText,materialFile, andmaterialUrlparameters defined inreferences/form-schema.json. - Boundary markers: The provided instructions do not explicitly define delimiters for user-supplied content.
- Capability inventory: The skill's executable script (
scripts/run.py) is limited to making network POST requests to theai-skills.aiAPI. It does not possess shell execution or file-writing capabilities beyond standard environment variable access. - Sanitization: Input sanitization is expected to be handled by the backend API at
https://ai-skills.ai. - [EXTERNAL_DOWNLOADS]: The Python runner script (
scripts/run.py) communicates withhttps://ai-skills.ai/api/execute. This domain is the official service endpoint for the skill and matches the author's infrastructure, presenting no risk of unauthorized data transit. - [COMMAND_EXECUTION]: The skill includes a Python script (
scripts/run.py) intended for execution by the user. Analysis of the code confirms it is a standard API client usingurllib. It does not use dangerous functions likeos.system(),subprocess.run(), oreval()on untrusted input. - [CREDENTIALS_UNSAFE]: The skill correctly manages authentication by using the
AISKILLS_API_KEYenvironment variable rather than hardcoding secrets in the source code.
Audit Metadata