private-domain-campaign-sop-generator
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to send campaign-related parameters to the official API at https://ai-skills.ai using a standard Python runner. The network communication is transparent and directed to the service's primary domain.
- [DATA_EXPOSURE]: Credential management is handled through the AISKILLS_API_KEY environment variable. This follows security best practices by avoiding hardcoded secrets and relying on the execution environment to provide authentication.
- [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion surface through fields like 'campaignGoal' and 'communityContext' defined in references/form-schema.json. While no explicit boundary markers are defined in the instructions, the skill's local capabilities are strictly limited to API communication, and it lacks dangerous tools like shell execution or file system writes that could be exploited via injection.
Audit Metadata