ecommerce-review-root-cause-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data, which serves as a potential vector for indirect prompt injection.
- Ingestion points: Data enters through the
reviewText(textarea) andreviewFile(file upload) parameters defined inreferences/form-schema.json. - Boundary markers: There are no explicit instructions or delimiters in the provided files to prevent the agent from executing instructions embedded within the user-provided reviews or documents.
- Capability inventory: The skill utilizes a Python runner (
scripts/run.py) which performs network requests to an external API. - Sanitization: No sanitization or validation of the input content is performed within the skill's client-side files.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network operations to the vendor's domain.
- Evidence: The script
scripts/run.pysends user-provided parameters and an API key tohttps://ai-skills.ai/api/executeusingurllib.request. - Credentials: It requires the user to provide an
AISKILLS_API_KEYvia environment variables for authentication. - [COMMAND_EXECUTION]: The skill includes an executable Python script intended to be run by the user or the agent.
- Evidence:
scripts/run.pyis a utility script that handles parameters, performs network requests, and polls for asynchronous results from the AI Skills API.
Audit Metadata