saas-prd-review

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python runner script (scripts/run.py) that facilitates communication with the vendor's API at ai-skills.ai. This is a standard architectural pattern for this type of skill and does not involve arbitrary command execution.
  • [EXTERNAL_DOWNLOADS]: The included Python script attempts to use the well-known certifi package for SSL certificate verification to ensure secure network communications.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data provided by users, which is its primary function. This constitutes a potential attack surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context through the prdDraftText, prdDocumentFile, and prdReferenceLink fields defined in references/form-schema.json.
  • Boundary markers: No explicit boundary markers or warnings to ignore embedded instructions were found in the provided configuration.
  • Capability inventory: The skill's local capabilities are restricted to network operations with the vendor's domain (ai-skills.ai). No local file system writes or subprocess executions were found.
  • Sanitization: No input sanitization or validation logic is present in the local script; processing is handled by the remote API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — saas-prd-review