ai-onboarding
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from untrusted external sources.
- Ingestion points: Untrusted data enters the agent context through the
materialUrl,materialFile, andmaterialTextparameters defined inSKILL.mdandreferences/form-schema.json. - Boundary markers: The instructions do not define boundary markers or explicit safety warnings to help the agent distinguish between its instructions and potentially malicious commands embedded in the processed materials.
- Capability inventory: The skill uses a Python runner (
scripts/run.py) that performs network operations viaurllib.requestto communicate with the backend service. - Sanitization: No sanitization or escaping of external content is performed in the local scripts; security relies on the implementation of the backend API.
- [COMMAND_EXECUTION]: The skill provides a Python script (
scripts/run.py) meant to be executed locally. This script handles network communication and processes user-supplied parameters to construct API requests. - [DATA_EXFILTRATION]: The skill transmits diagnostic data, which may include business goals, user feedback, and document links, to the vendor's external API at
https://ai-skills.ai. This is the intended behavior for the service's functionality.
Audit Metadata