ai-operations-manual

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from multiple sources.
  • Ingestion points: The skill processes data from materialUrl (external URLs), materialFile (uploaded files), and materialText (user-pasted text) as defined in references/form-schema.json.
  • Boundary markers: The instructions in SKILL.md do not define clear delimiters or "ignore embedded instructions" warnings for the processed data.
  • Capability inventory: Data is transmitted to an external API service (https://ai-skills.ai/api/execute) for processing via scripts/run.py.
  • Sanitization: No evidence of sanitization or validation of the input content is present in the skill scripts or instructions.
  • [DATA_EXFILTRATION]: The skill transmits user parameters to an external service managed by the author.
  • Network operations: scripts/run.py sends POST requests to https://ai-skills.ai/api/execute using the urllib.request library.
  • Context: The network activity targets the official vendor domain and is essential for the skill's intended operation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-operations-manual