page-cro
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a standard Python runner script (
scripts/run.py) to transmit parameters to the official API athttps://ai-skills.ai. The network communication is transparent and limited to the vendor's domain. - [EXTERNAL_DOWNLOADS]: The runner script facilitates interaction with external services. It connects to
https://ai-skills.aifor processing, which is consistent with the skill's documented purpose. - [PROMPT_INJECTION]: The skill accepts external data through
materialUrl,materialFile, andmaterialTextfor analysis. This creates a surface for indirect prompt injection where malicious instructions could be embedded in analyzed pages. However, since the agent's capabilities are limited to generating diagnostics and summaries without direct system or file-system write access, the risk is negligible. - [CREDENTIALS_UNSAFE]: The skill requires an
AISKILLS_API_KEYfor operation. The documentation correctly instructs users to provide this via environment variables, and the script handles the token appropriately by including it in the request headers to the authorized endpoint.
Audit Metadata