ai-launch

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/run.py script attempts to import the certifi package to provide root certificates for SSL/TLS verification.
  • [DATA_EXFILTRATION]: The skill collects user-provided information including marketing goals, audience descriptions, and material content, and transmits this data to the vendor's API at https://ai-skills.ai for processing. This operation requires the use of an AISKILLS_API_KEY provided through environment variables.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external URLs and user-submitted text, which presents a surface for indirect prompt injection attacks.
  • Ingestion points: Data is ingested via the materialUrl, materialFile, materialText, goal, audience, and brandRequirements parameters as defined in SKILL.md and references/form-schema.json.
  • Boundary markers: There are no delimiters or specific instructions within the skill to isolate or treat ingested external data as untrusted when processed by the agent.
  • Capability inventory: The skill possesses network communication capabilities through the scripts/run.py script to transmit data to the platform API.
  • Sanitization: No explicit evidence of input sanitization or validation for external content was found in the provided skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-launch