live-replay-clip-title-pack

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to process user-provided data such as live stream transcripts, external links, and uploaded files. While this represents an ingestion surface for potential indirect prompt injection, it is the intended behavior for this diagnostic tool. \n
  • Ingestion points: Untrusted data enters via replayText, liveReplayLink, and replayClipFile fields as specified in references/form-schema.json. \n
  • Boundary markers: No specific delimiters or "ignore" instructions are present in the prompt templates to isolate external data. \n
  • Capability inventory: Analysis is performed by a managed LLM, and the Python runner script (scripts/run.py) communicates findings to the ai-skills.ai API. \n
  • Sanitization: Input validation is handled by the JSON schema; further content sanitization is not explicitly documented. \n- [SAFE]: The provided Python script scripts/run.py is a standard API client. It correctly implements authentication using environment variables and ensures secure connections through SSL certificate verification (optionally using the certifi package). It interacts exclusively with the verified vendor domain ai-skills.ai.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — live-replay-clip-title-pack