brand-account-positioning-diagnosis

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns were identified. The skill and its included Python runner script perform legitimate operations consistent with the stated purpose of analyzing brand accounts. All network activity is directed to the vendor's domain at ai-skills.ai.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted user data, including pasted text and uploaded files. This is a common architectural characteristic for analysis-oriented skills.\n
  • Ingestion points: Data enters the agent context through the accountProfileText, accountDataFile, and accountHomeLink fields defined in references/form-schema.json.\n
  • Boundary markers: The skill instructions do not utilize specific delimiters to isolate user-provided data from instructional prompts.\n
  • Capability inventory: The scripts/run.py script performs network operations to ai-skills.ai to execute the skill logic.\n
  • Sanitization: No explicit input validation or sanitization mechanisms are implemented in the skill configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — brand-account-positioning-diagnosis