ai-operations-manual
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from multiple sources.
- Ingestion points: The skill processes data from
materialUrl(external URLs),materialFile(uploaded files), andmaterialText(user-pasted text) as defined inreferences/form-schema.json. - Boundary markers: The instructions in
SKILL.mddo not define clear delimiters or "ignore embedded instructions" warnings for the processed data. - Capability inventory: Data is transmitted to an external API service (
https://ai-skills.ai/api/execute) for processing viascripts/run.py. - Sanitization: No evidence of sanitization or validation of the input content is present in the skill scripts or instructions.
- [DATA_EXFILTRATION]: The skill transmits user parameters to an external service managed by the author.
- Network operations:
scripts/run.pysends POST requests tohttps://ai-skills.ai/api/executeusing theurllib.requestlibrary. - Context: The network activity targets the official vendor domain and is essential for the skill's intended operation.
Audit Metadata