local-store-review-business-diagnosis

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external data from store reviews, uploaded documents, and external URLs. This behavior is necessary for its primary function of business diagnosis.
  • Ingestion points: Untrusted data enters the agent context through the storeReviewText, reviewExportFile, and storeListingLink parameters as defined in references/form-schema.json.
  • Boundary markers: No explicit markers or boundary instructions for the LLM to ignore injected content were identified in the provided configuration.
  • Capability inventory: The skill uses a Python script (scripts/run.py) to transmit analysis data to the vendor's API.
  • Sanitization: Inputs are transmitted as JSON-encoded strings; content-level sanitization is managed by the remote API service.
  • [COMMAND_EXECUTION]: The skill includes a local utility script (scripts/run.py) to facilitate API interactions. Analysis confirms the script is a legitimate API client that uses standard libraries for networking and asynchronous job polling without executing arbitrary system commands or spawning unsafe subprocesses.
  • [EXTERNAL_DOWNLOADS]: The skill interacts exclusively with its official service domain at https://ai-skills.ai to process diagnostic requests. These network operations are standard for the skill's operation and target the vendor's own infrastructure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — local-store-review-business-diagnosis