ai-product-marketing
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because it processes untrusted user-provided content.
- Ingestion points: External data enters the agent context via the
materialUrl,materialFile, andmaterialTextparameters defined inreferences/form-schema.jsonandSKILL.md. - Boundary markers: Absent. There are no specific delimiters or safety instructions provided to the agent to distinguish user-provided materials from its core instructions.
- Capability inventory: The
scripts/run.pyscript performs network requests to theai-skills.aiAPI usingurllib.request. - Sanitization: Absent. The skill does not implement validation or filtering for the external content provided in the material parameters.
- [COMMAND_EXECUTION]: The skill provides a
scripts/run.pyscript intended to be executed locally by the user to interact with the AI Skills API. - [EXTERNAL_DOWNLOADS]: The
scripts/run.pyscript performs network operations tohttps://ai-skills.aito transmit user parameters and receive analysis results.
Audit Metadata