content-material-audit
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a utility script
scripts/run.pyintended to facilitate communication with the back-end API. This script handles parameter loading, API authentication via environment variables, and result polling. - [EXTERNAL_DOWNLOADS]: The runner script makes network requests to
https://ai-skills.ai/api/execute. This is the intended behavior of the skill to process content through its service infrastructure. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core function of processing untrusted external content.
- Ingestion points: Untrusted data enters the context via the
materialText,materialFile, andmaterialUrlparameters as defined inreferences/form-schema.json. - Boundary markers: The instructions do not define clear delimiters or warnings to the model to ignore embedded instructions within the audited materials.
- Capability inventory: The skill's primary capability is executing the
scripts/run.pyscript to perform network operations and process content. - Sanitization: The runner script forwards user-provided parameters to the API without performing sanitization or filtering of the content within the materials.
Audit Metadata