ai-visual-prompt-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a Python runner script (scripts/run.py) to facilitate communication with the external AI Skills API. This script is used to transmit parameters and retrieve diagnostic results.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with https://ai-skills.ai, the vendor's official service domain, to perform its stated functions. This is documented behavior for the skill's operation.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted data from users, including text prompts and uploaded files (e.g., .pdf, .docx, .png). This constitutes an attack surface for indirect prompt injection.
  • Ingestion points: Data enters the system via visualPromptText, promptAssetFile, and imageReferenceLink.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the configuration.
  • Capability inventory: The skill's operations are limited to network requests via the runner script to the vendor's API.
  • Sanitization: No validation or sanitization of the input content is performed within the provided skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-visual-prompt-review