landing-page-copy-review

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design.
  • Ingestion points: It processes data from potentially malicious external sources through landingPageUrl, landingPageFile, and landingPageText as defined in references/form-schema.json.
  • Boundary markers: The instructions in SKILL.md and the agent prompt in agents/openai.yaml do not include delimiters or warnings to ignore instructions embedded within the input data.
  • Capability inventory: The skill's capabilities are limited to network communication with the vendor's API via scripts/run.py. It does not have access to the underlying system shell or sensitive local files beyond those provided in parameters.
  • Sanitization: The provided Python scripts do not perform explicit sanitization of the landing page content before it is sent to the AI for processing.
  • [EXTERNAL_DOWNLOADS]: The script scripts/run.py makes network requests to https://ai-skills.ai/api/execute. This communication is directed to the developer's official domain and is essential for the skill's functionality.
  • [CREDENTIALS_UNSAFE]: The skill follows security best practices for credential management by requiring the AISKILLS_API_KEY to be supplied as an environment variable rather than hardcoding it in the source files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — landing-page-copy-review