gov-service-faq-quality-check
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified. The skill's logic is consistent with its stated purpose of analyzing business data and government FAQs. This includes the ingestion of untrusted data (FAQ texts, files, and links), which is the primary intended function of the tool. Analysis of this surface shows:
- Ingestion points: Data enters through
govFaqText,govFaqFile, andservicePageLinkparameters defined inreferences/form-schema.json. - Boundary markers: No explicit instruction delimiters or boundary markers were identified in the skill metadata or code.
- Capability inventory: Capabilities are limited to network requests directed at the vendor's API for processing.
- Sanitization: No client-side sanitization of the input data was observed.
- [EXTERNAL_DOWNLOADS]: The
scripts/run.pyscript communicates with the vendor's domainai-skills.aito perform diagnostic analysis. This is standard behavior for this service. - [COMMAND_EXECUTION]: The skill includes a Python runner that uses the standard
urlliblibrary to interact with an API. It does not perform any suspicious system-level commands or unauthorized subprocess calls. - [CREDENTIALS_UNSAFE]: The skill manages authentication using the
AISKILLS_API_KEYenvironment variable, which is a standard and secure method for handling credentials compared to hardcoding secrets.
Audit Metadata