schema-markup
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, creating a surface for potential indirect prompt injection attacks. This is an inherent risk of the skill's purpose to analyze external content.
- Ingestion points: The skill accepts data via
materialUrl(external links),materialText(user-pasted text), andmaterialFile(uploaded documents) as defined inreferences/form-schema.json. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates.
- Capability inventory: The skill utilizes a Python script (
scripts/run.py) to transmit this data to a remote API for processing. - Sanitization: Input sanitization is not handled locally in the skill scripts and is assumed to be managed by the backend API.
- [DATA_EXFILTRATION]: The skill performs outbound network operations to transmit user input to the vendor's API for analysis.
- Evidence: The script
scripts/run.pysends POST requests tohttps://ai-skills.ai/api/executecontaining the skill parameters. - Context: The destination domain matches the official vendor resources described in the skill metadata and documentation. Communication is secured via HTTPS with SSL certificate verification.
- [CREDENTIALS_UNSAFE]: The skill implements a secure credential management pattern.
- Evidence: The skill requires an
AISKILLS_API_KEY, but the implementation inscripts/run.pycorrectly retrieves this from environment variables rather than hardcoding secrets. Instructions inSKILL.mdcorrectly direct users to use environment variables.
Audit Metadata