pricing-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python script (scripts/run.py) for local execution. This script is used to interact with the AI Skills API, handling authentication via environment variables and managing the request/response lifecycle.
  • [EXTERNAL_DOWNLOADS]: The skill's runner script performs network requests to https://ai-skills.ai to transmit parameters and retrieve diagnostic results. This is the intended behavior for this skill and targets the vendor's platform.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing external data sources.
  • Ingestion points: Untrusted data enters the agent context through the materialText, materialFile, materialUrl, and audience parameters defined in references/form-schema.json.
  • Boundary markers: There are no instructions or delimiters provided to isolate these external inputs or to warn the agent against following embedded instructions.
  • Capability inventory: The skill utilizes a local script (scripts/run.py) with network access to communicate with the https://ai-skills.ai endpoint.
  • Sanitization: No validation or sanitization of input materials is specified before the data is sent for processing by the underlying model.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — pricing-strategy