competitor-alternatives
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's execution script,
scripts/run.py, interacts exclusively with the vendor's domain athttps://ai-skills.ai. This is the intended and documented behavior for the skill. - [SAFE]: Credential management follows best practices by utilizing environment variables (
AISKILLS_API_KEY) for authentication instead of hardcoded secrets. - [PROMPT_INJECTION]: An Indirect Prompt Injection surface was identified as the skill is designed to ingest and process untrusted materials from external sources. Malicious instructions could potentially be embedded in these materials to influence the agent's behavior.
- Ingestion points: Parameters
materialUrl,materialFile, andmaterialTextas defined inSKILL.mdandreferences/form-schema.jsonserve as ingestion points for external data. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands were found in the provided instructions.
- Capability inventory: The skill is capable of performing network requests to the vendor's API to process ingested data.
- Sanitization: No sanitization or content validation logic is implemented within the provided local scripts.
Audit Metadata