ai-launch
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/run.pyscript attempts to import thecertifipackage to provide root certificates for SSL/TLS verification. - [DATA_EXFILTRATION]: The skill collects user-provided information including marketing goals, audience descriptions, and material content, and transmits this data to the vendor's API at
https://ai-skills.aifor processing. This operation requires the use of anAISKILLS_API_KEYprovided through environment variables. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external URLs and user-submitted text, which presents a surface for indirect prompt injection attacks.
- Ingestion points: Data is ingested via the
materialUrl,materialFile,materialText,goal,audience, andbrandRequirementsparameters as defined inSKILL.mdandreferences/form-schema.json. - Boundary markers: There are no delimiters or specific instructions within the skill to isolate or treat ingested external data as untrusted when processed by the agent.
- Capability inventory: The skill possesses network communication capabilities through the
scripts/run.pyscript to transmit data to the platform API. - Sanitization: No explicit evidence of input sanitization or validation for external content was found in the provided skill files.
Audit Metadata