competitor-alternatives

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill's execution script, scripts/run.py, interacts exclusively with the vendor's domain at https://ai-skills.ai. This is the intended and documented behavior for the skill.
  • [SAFE]: Credential management follows best practices by utilizing environment variables (AISKILLS_API_KEY) for authentication instead of hardcoded secrets.
  • [PROMPT_INJECTION]: An Indirect Prompt Injection surface was identified as the skill is designed to ingest and process untrusted materials from external sources. Malicious instructions could potentially be embedded in these materials to influence the agent's behavior.
  • Ingestion points: Parameters materialUrl, materialFile, and materialText as defined in SKILL.md and references/form-schema.json serve as ingestion points for external data.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands were found in the provided instructions.
  • Capability inventory: The skill is capable of performing network requests to the vendor's API to process ingested data.
  • Sanitization: No sanitization or content validation logic is implemented within the provided local scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — competitor-alternatives