ai-industrial-brutalist-ui

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it is designed to ingest and process data from untrusted external sources.
  • Ingestion points: The skill accepts data through materialUrl, materialFile, and materialText parameters as defined in references/form-schema.json and references/skill.json.
  • Capability inventory: The included scripts/run.py script enables network communication with the ai-skills.ai platform to process this data.
  • Boundary markers: The skill instructions do not implement delimiters or specific warnings to the agent to disregard instructions contained within the processed external content.
  • Sanitization: No input validation or sanitization routines are present in the provided scripts to filter potentially malicious instructions from the ingested data.
  • [EXTERNAL_DOWNLOADS]: The Python execution script references the certifi library to handle SSL certificate verification for secure API requests.
  • Evidence: import certifi statement in scripts/run.py.
  • [COMMAND_EXECUTION]: The skill includes a local Python script intended to be executed to facilitate communication with the backend API.
  • Evidence: Instructions in SKILL.md direct the user to execute python3 scripts/run.py --params '...' to perform the visual diagnosis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-industrial-brutalist-ui