proposal-risk-response-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to analyze untrusted text and documents, which creates a potential surface for indirect prompt injection. Malicious instructions hidden in a proposal document could attempt to manipulate the agent's analysis or output. This is documented as an inherent risk of the skill's primary function.\n
  • Ingestion points: Untrusted data enters via proposalText and proposalFile as defined in references/form-schema.json.\n
  • Boundary markers: There are no explicit markers or instructions provided to isolate user content from the core logic.\n
  • Capability inventory: The skill communicates with an external API; it does not have direct access to system commands or local file writing.\n
  • Sanitization: The provided code does not perform sanitization of the input text before sending it to the processing service.\n- [EXTERNAL_DOWNLOADS]: The Python runner (scripts/run.py) performs network requests to https://ai-skills.ai. This is the designated service domain for the skill and is treated as a safe, well-known endpoint for this functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — proposal-risk-response-review