ai-image

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (text, files, and URLs) to generate visual diagnoses. This creates a surface for indirect prompt injection.
  • Ingestion points: Data enters the system via the materialText, materialFile, and materialUrl parameters defined in references/form-schema.json.
  • Boundary markers: The provided instructions do not explicitly define delimiters for user-supplied content.
  • Capability inventory: The skill's executable script (scripts/run.py) is limited to making network POST requests to the ai-skills.ai API. It does not possess shell execution or file-writing capabilities beyond standard environment variable access.
  • Sanitization: Input sanitization is expected to be handled by the backend API at https://ai-skills.ai.
  • [EXTERNAL_DOWNLOADS]: The Python runner script (scripts/run.py) communicates with https://ai-skills.ai/api/execute. This domain is the official service endpoint for the skill and matches the author's infrastructure, presenting no risk of unauthorized data transit.
  • [COMMAND_EXECUTION]: The skill includes a Python script (scripts/run.py) intended for execution by the user. Analysis of the code confirms it is a standard API client using urllib. It does not use dangerous functions like os.system(), subprocess.run(), or eval() on untrusted input.
  • [CREDENTIALS_UNSAFE]: The skill correctly manages authentication by using the AISKILLS_API_KEY environment variable rather than hardcoding secrets in the source code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-image