real-estate-listing-compliance-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted external content.
  • Ingestion points: User-provided data is accepted through the propertyListingText, listingAssetFile, and propertyPageLink fields defined in references/form-schema.json.
  • Boundary markers: The instructions do not define explicit delimiters or clear isolation instructions to prevent the model from executing commands that might be embedded within the listing text or external files.
  • Capability inventory: The scripts/run.py script performs network requests to the vendor's API, which is the primary action taken after processing the data.
  • Sanitization: No specific filtering or escaping logic is present in the runner script to sanitize user input before transmission.
  • [SAFE]: The Python runner script (scripts/run.py) manages authentication securely by retrieving the API key from environment variables (AISKILLS_API_KEY) rather than hardcoding credentials. It restricts network communications to the vendor's official domain (ai-skills.ai).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — real-estate-listing-compliance-review