enterprise-ai-usecase-priority-assessment
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes user-provided business scenarios and content from external URLs provided by the user.
- Ingestion points: Processes untrusted data via the
aiStrategyLinkandaiUsecaseListTextparameters defined inSKILL.mdandreferences/form-schema.json. - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used to isolate untrusted input within the analysis pipeline.
- Capability inventory: The skill possesses the capability to transmit processed data to an external API via the
scripts/run.pyexecution script. - Sanitization: There is no evidence of validation or sanitization of the content retrieved from links or provided in text inputs before it is processed by the diagnostic engine.
- [DATA_EXFILTRATION]: The skill sends user-provided diagnostic parameters and the user's
AISKILLS_API_KEYto the external domainhttps://ai-skills.ai. This is the documented and intended functional behavior of the skill for performing remote diagnostics. - [COMMAND_EXECUTION]: The skill includes a standalone Python script (
scripts/run.py) designed to be executed in the user's local environment to facilitate interaction with the vendor's API.
Audit Metadata