ai-visual-prompt-review
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a Python runner script (scripts/run.py) to facilitate communication with the external AI Skills API. This script is used to transmit parameters and retrieve diagnostic results.
- [EXTERNAL_DOWNLOADS]: The skill communicates with https://ai-skills.ai, the vendor's official service domain, to perform its stated functions. This is documented behavior for the skill's operation.
- [PROMPT_INJECTION]: The skill is designed to process untrusted data from users, including text prompts and uploaded files (e.g., .pdf, .docx, .png). This constitutes an attack surface for indirect prompt injection.
- Ingestion points: Data enters the system via visualPromptText, promptAssetFile, and imageReferenceLink.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the configuration.
- Capability inventory: The skill's operations are limited to network requests via the runner script to the vendor's API.
- Sanitization: No validation or sanitization of the input content is performed within the provided skill files.
Audit Metadata