quality-complaint-8d-report

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a Python runner script (scripts/run.py) intended for command-line execution to interact with the skill's backend API.
  • [EXTERNAL_DOWNLOADS]: The scripts/run.py script makes network requests to https://ai-skills.ai using Python's urllib library to execute diagnostic tasks. It also optionally imports the certifi package for SSL certificate verification.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from multiple sources which presents a surface for indirect prompt injection:
    • Ingestion points: Untrusted data enters the context through parameters like complaintCaseText and complaintRecordLink (defined in references/form-schema.json and processed in scripts/run.py).
    • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the core instructions in SKILL.md or the agent configuration.
    • Capability inventory: The skill has network capabilities via urllib.request in scripts/run.py to communicate with the vendor API.
    • Sanitization: There is no evidence of input validation or sanitization for the provided complaint text or external links.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — quality-complaint-8d-report