multi-platform-article-rewrite-pack
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a Python script (
scripts/run.py) intended for the user to execute. This script acts as a runner to send parameters to the AI Skills API. - [EXTERNAL_DOWNLOADS]: The Python runner makes HTTPS requests to
https://ai-skills.aito perform the analysis. This domain is the official platform for the skill as documented inSKILL.md. - [DATA_EXPOSURE]: The skill uses an environment variable
AISKILLS_API_KEYfor API authentication. The script correctly retrieves this from the environment rather than hardcoding credentials. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted data from multiple sources:
- Ingestion points: Inputs are accepted via the
articleFile(file upload),articleDraftText(text input), andarticleSourceLink(external URL) parameters defined inreferences/form-schema.json. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore instructions embedded within the processed text.
- Capability inventory: The associated
scripts/run.pyhas network capabilities to communicate with the vendor API. - Sanitization: The skill does not appear to perform pre-processing or sanitization on the input data before it is sent to the model.
Audit Metadata