gws-docs

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides structured instructions and a Python runner script to analyze business documents. All components are transparent and no malicious behavior, obfuscation, or unauthorized access attempts were detected.
  • [COMMAND_EXECUTION]: The scripts/run.py script is a utility for making HTTPS requests to the vendor's API endpoint (ai-skills.ai). It does not execute arbitrary shell commands or perform unauthorized system modifications.
  • [EXTERNAL_DOWNLOADS]: While the skill accepts document URLs or files as input, these are processed as data for analysis by the remote API rather than being executed as code. The documentation explicitly notes that the system does not automatically open links.
  • [CREDENTIALS_UNSAFE]: The skill follows security best practices by requiring sensitive credentials, such as the AISKILLS_API_KEY, to be provided via environment variables rather than hardcoding them in the source code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — gws-docs