page-cro

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses a standard Python runner script (scripts/run.py) to transmit parameters to the official API at https://ai-skills.ai. The network communication is transparent and limited to the vendor's domain.
  • [EXTERNAL_DOWNLOADS]: The runner script facilitates interaction with external services. It connects to https://ai-skills.ai for processing, which is consistent with the skill's documented purpose.
  • [PROMPT_INJECTION]: The skill accepts external data through materialUrl, materialFile, and materialText for analysis. This creates a surface for indirect prompt injection where malicious instructions could be embedded in analyzed pages. However, since the agent's capabilities are limited to generating diagnostics and summaries without direct system or file-system write access, the risk is negligible.
  • [CREDENTIALS_UNSAFE]: The skill requires an AISKILLS_API_KEY for operation. The documentation correctly instructs users to provide this via environment variables, and the script handles the token appropriately by including it in the request headers to the authorized endpoint.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — page-cro