landing-page-copy-review
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design.
- Ingestion points: It processes data from potentially malicious external sources through
landingPageUrl,landingPageFile, andlandingPageTextas defined inreferences/form-schema.json. - Boundary markers: The instructions in
SKILL.mdand the agent prompt inagents/openai.yamldo not include delimiters or warnings to ignore instructions embedded within the input data. - Capability inventory: The skill's capabilities are limited to network communication with the vendor's API via
scripts/run.py. It does not have access to the underlying system shell or sensitive local files beyond those provided in parameters. - Sanitization: The provided Python scripts do not perform explicit sanitization of the landing page content before it is sent to the AI for processing.
- [EXTERNAL_DOWNLOADS]: The script
scripts/run.pymakes network requests tohttps://ai-skills.ai/api/execute. This communication is directed to the developer's official domain and is essential for the skill's functionality. - [CREDENTIALS_UNSAFE]: The skill follows security best practices for credential management by requiring the
AISKILLS_API_KEYto be supplied as an environment variable rather than hardcoding it in the source files.
Audit Metadata