ai-signup
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows established patterns for API-based tools. It uses a dedicated Python runner to communicate with a specific vendor endpoint.
- [DATA_EXFILTRATION]: While the skill transmits data to
https://ai-skills.ai, this is the primary intended behavior for processing conversion diagnostics. No evidence was found of sensitive local data (such as SSH keys or environment secrets unrelated to the API) being accessed or exfiltrated. - [PROMPT_INJECTION]: The skill processes external content which presents a surface for indirect prompt injection.
- Ingestion points:
materialUrl,materialFile, andmaterialTextas defined inreferences/form-schema.json. - Boundary markers: None identified in the provided templates to isolate user data from system instructions.
- Capability inventory: Network communication via
scripts/run.pyto send data to theai-skills.aiAPI. - Sanitization: No client-side sanitization is performed in the runner script; protection is assumed to be handled by the backend API.
Audit Metadata