ecommerce-review-root-cause-analysis

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data, which serves as a potential vector for indirect prompt injection.
  • Ingestion points: Data enters through the reviewText (textarea) and reviewFile (file upload) parameters defined in references/form-schema.json.
  • Boundary markers: There are no explicit instructions or delimiters in the provided files to prevent the agent from executing instructions embedded within the user-provided reviews or documents.
  • Capability inventory: The skill utilizes a Python runner (scripts/run.py) which performs network requests to an external API.
  • Sanitization: No sanitization or validation of the input content is performed within the skill's client-side files.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network operations to the vendor's domain.
  • Evidence: The script scripts/run.py sends user-provided parameters and an API key to https://ai-skills.ai/api/execute using urllib.request.
  • Credentials: It requires the user to provide an AISKILLS_API_KEY via environment variables for authentication.
  • [COMMAND_EXECUTION]: The skill includes an executable Python script intended to be run by the user or the agent.
  • Evidence: scripts/run.py is a utility script that handles parameters, performs network requests, and polls for asynchronous results from the AI Skills API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ecommerce-review-root-cause-analysis