ai-onboarding

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from untrusted external sources.
  • Ingestion points: Untrusted data enters the agent context through the materialUrl, materialFile, and materialText parameters defined in SKILL.md and references/form-schema.json.
  • Boundary markers: The instructions do not define boundary markers or explicit safety warnings to help the agent distinguish between its instructions and potentially malicious commands embedded in the processed materials.
  • Capability inventory: The skill uses a Python runner (scripts/run.py) that performs network operations via urllib.request to communicate with the backend service.
  • Sanitization: No sanitization or escaping of external content is performed in the local scripts; security relies on the implementation of the backend API.
  • [COMMAND_EXECUTION]: The skill provides a Python script (scripts/run.py) meant to be executed locally. This script handles network communication and processes user-supplied parameters to construct API requests.
  • [DATA_EXFILTRATION]: The skill transmits diagnostic data, which may include business goals, user feedback, and document links, to the vendor's external API at https://ai-skills.ai. This is the intended behavior for the service's functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-onboarding