schema-markup

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, creating a surface for potential indirect prompt injection attacks. This is an inherent risk of the skill's purpose to analyze external content.
  • Ingestion points: The skill accepts data via materialUrl (external links), materialText (user-pasted text), and materialFile (uploaded documents) as defined in references/form-schema.json.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates.
  • Capability inventory: The skill utilizes a Python script (scripts/run.py) to transmit this data to a remote API for processing.
  • Sanitization: Input sanitization is not handled locally in the skill scripts and is assumed to be managed by the backend API.
  • [DATA_EXFILTRATION]: The skill performs outbound network operations to transmit user input to the vendor's API for analysis.
  • Evidence: The script scripts/run.py sends POST requests to https://ai-skills.ai/api/execute containing the skill parameters.
  • Context: The destination domain matches the official vendor resources described in the skill metadata and documentation. Communication is secured via HTTPS with SSL certificate verification.
  • [CREDENTIALS_UNSAFE]: The skill implements a secure credential management pattern.
  • Evidence: The skill requires an AISKILLS_API_KEY, but the implementation in scripts/run.py correctly retrieves this from environment variables rather than hardcoding secrets. Instructions in SKILL.md correctly direct users to use environment variables.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — schema-markup