auto-review-selling-point-map

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external, untrusted data.
  • Ingestion points: The skill accepts data through autoReviewFile (uploaded documents), autoReviewText (pasted text), and vehicleModelLink (external URLs), as defined in references/form-schema.json.
  • Boundary markers: There are no explicit instructions or delimiters in SKILL.md or the agent configuration to distinguish between system instructions and data content, nor to ignore potential instructions embedded in the input.
  • Capability inventory: The skill includes a Python script (scripts/run.py) that performs network POST requests and polls an external API at ai-skills.ai.
  • Sanitization: The skill files do not contain logic for sanitizing or escaping the processed data before it is sent to the LLM or API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — auto-review-selling-point-map