copywriting

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill communicates with its official backend at ai-skills.ai using a standard Python runner script. No unauthorized network operations or communication with suspicious domains were detected.
  • [SAFE]: Secret management is handled correctly by requiring the AISKILLS_API_KEY to be provided via environment variables, rather than being hardcoded in the skill files.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill is designed to ingest and analyze untrusted data provided via URLs, file uploads, and text snippets.
  • Ingestion points: materialUrl, materialFile, and materialText parameters defined in references/form-schema.json.
  • Boundary markers: None identified in the provided skill instructions or schema.
  • Capability inventory: The skill performs network requests to the AI Skills API via scripts/run.py.
  • Sanitization: No client-side input validation or escaping is present in the runner script.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — copywriting