auto-review-selling-point-map
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external, untrusted data.
- Ingestion points: The skill accepts data through
autoReviewFile(uploaded documents),autoReviewText(pasted text), andvehicleModelLink(external URLs), as defined inreferences/form-schema.json. - Boundary markers: There are no explicit instructions or delimiters in
SKILL.mdor the agent configuration to distinguish between system instructions and data content, nor to ignore potential instructions embedded in the input. - Capability inventory: The skill includes a Python script (
scripts/run.py) that performs network POST requests and polls an external API atai-skills.ai. - Sanitization: The skill files do not contain logic for sanitizing or escaping the processed data before it is sent to the LLM or API.
Audit Metadata