live-commerce-script-compliance-review
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided content through its parameters and file uploads.
- Ingestion points: External data enters the context via the
liveTalkText(text input) andliveTalkFile(file uploads) parameters, as defined inSKILL.mdandreferences/form-schema.json. - Boundary markers: The skill does not explicitly define delimiters or provide specific instructions for the agent to ignore potentially malicious embedded instructions within the user-supplied content.
- Capability inventory: The skill executes network requests to the vendor's API endpoint (
https://ai-skills.ai/api/execute) via thescripts/run.pyscript. - Sanitization: There is no evidence of input validation or sanitization in the provided local scripts; the skill relies on the remote API for safe processing.
- [EXTERNAL_DOWNLOADS]: The skill's runner script (
scripts/run.py) performs network operations to interact with an external API athttps://ai-skills.ai. This is documented behavior that connects to the developer's infrastructure to fulfill the skill's primary purpose.
Audit Metadata