local-store-review-business-diagnosis
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external data from store reviews, uploaded documents, and external URLs. This behavior is necessary for its primary function of business diagnosis.
- Ingestion points: Untrusted data enters the agent context through the
storeReviewText,reviewExportFile, andstoreListingLinkparameters as defined inreferences/form-schema.json. - Boundary markers: No explicit markers or boundary instructions for the LLM to ignore injected content were identified in the provided configuration.
- Capability inventory: The skill uses a Python script (
scripts/run.py) to transmit analysis data to the vendor's API. - Sanitization: Inputs are transmitted as JSON-encoded strings; content-level sanitization is managed by the remote API service.
- [COMMAND_EXECUTION]: The skill includes a local utility script (
scripts/run.py) to facilitate API interactions. Analysis confirms the script is a legitimate API client that uses standard libraries for networking and asynchronous job polling without executing arbitrary system commands or spawning unsafe subprocesses. - [EXTERNAL_DOWNLOADS]: The skill interacts exclusively with its official service domain at
https://ai-skills.aito process diagnostic requests. These network operations are standard for the skill's operation and target the vendor's own infrastructure.
Audit Metadata