course-landing-page-conversion-review

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to process external content from URLs and files, which could contain malicious instructions designed to manipulate the agent's output.
  • Ingestion points: The courseSalesPageLink (URL) and courseSalesPageFile (file upload) fields in references/form-schema.json allow the ingestion of untrusted external data.
  • Boundary markers: There are no explicit delimiters or system instructions present in the skill files to isolate external content or instruct the agent to ignore embedded commands.
  • Capability inventory: The skill uses a Python runner script (scripts/run.py) to transmit data to the vendor's API.
  • Sanitization: No sanitization or verification logic for the external content was identified in the provided files.
  • [EXTERNAL_DOWNLOADS]: The scripts/run.py script performs network operations to the vendor's official API endpoint at https://ai-skills.ai to process conversion reviews.
  • [EXTERNAL_DOWNLOADS]: The runner script includes an optional dependency on the certifi package to ensure secure SSL certificate verification.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — course-landing-page-conversion-review