real-estate-listing-compliance-review
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted external content.
- Ingestion points: User-provided data is accepted through the
propertyListingText,listingAssetFile, andpropertyPageLinkfields defined inreferences/form-schema.json. - Boundary markers: The instructions do not define explicit delimiters or clear isolation instructions to prevent the model from executing commands that might be embedded within the listing text or external files.
- Capability inventory: The
scripts/run.pyscript performs network requests to the vendor's API, which is the primary action taken after processing the data. - Sanitization: No specific filtering or escaping logic is present in the runner script to sanitize user input before transmission.
- [SAFE]: The Python runner script (
scripts/run.py) manages authentication securely by retrieving the API key from environment variables (AISKILLS_API_KEY) rather than hardcoding credentials. It restricts network communications to the vendor's official domain (ai-skills.ai).
Audit Metadata