financial-marketing-compliance-review
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The Python runner script (scripts/run.py) performs HTTPS requests to the vendor's API endpoint at https://ai-skills.ai to process marketing materials. This is an essential component of the skill's operation and connects to its official service infrastructure.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external URLs, uploaded files, and pasted text. 1. Ingestion points: Data enters via the promoPageLink, financePromoFile, and financePromoText parameters defined in references/form-schema.json. 2. Boundary markers: No explicit delimiters or safety instructions are defined in the skill files to isolate untrusted content. 3. Capability inventory: The skill possesses network communication capabilities through the provided Python runner script. 4. Sanitization: User-provided content is transmitted to the API without prior sanitization.
Audit Metadata