gov-service-faq-quality-check

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were identified. The skill's logic is consistent with its stated purpose of analyzing business data and government FAQs. This includes the ingestion of untrusted data (FAQ texts, files, and links), which is the primary intended function of the tool. Analysis of this surface shows:
  • Ingestion points: Data enters through govFaqText, govFaqFile, and servicePageLink parameters defined in references/form-schema.json.
  • Boundary markers: No explicit instruction delimiters or boundary markers were identified in the skill metadata or code.
  • Capability inventory: Capabilities are limited to network requests directed at the vendor's API for processing.
  • Sanitization: No client-side sanitization of the input data was observed.
  • [EXTERNAL_DOWNLOADS]: The scripts/run.py script communicates with the vendor's domain ai-skills.ai to perform diagnostic analysis. This is standard behavior for this service.
  • [COMMAND_EXECUTION]: The skill includes a Python runner that uses the standard urllib library to interact with an API. It does not perform any suspicious system-level commands or unauthorized subprocess calls.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication using the AISKILLS_API_KEY environment variable, which is a standard and secure method for handling credentials compared to hardcoding secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — gov-service-faq-quality-check