ai-lead-magnets

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/run.py script communicates with https://ai-skills.ai to process user input. This is the intended behavior of the skill, and the domain belongs to the skill's infrastructure.
  • [COMMAND_EXECUTION]: The provided Python runner script executes as a standalone tool to interface with the AI Skills API. It uses standard Python libraries for networking and does not perform arbitrary shell command execution or subprocess spawning.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes external materials.
  • Ingestion points: The skill accepts untrusted data through the materialText, materialFile, and materialUrl fields defined in references/form-schema.json.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are included in the skill's logic.
  • Capability inventory: The skill's capabilities are limited to API interaction and do not include dangerous operations like file system modification or administrative command execution.
  • Sanitization: There is no evidence of content filtering or sanitization before data is transmitted to the processing API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-lead-magnets