social-rising-topic-radar-cn
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary functionality is to send user-provided content to a remote API (ai-skills.ai) for analysis. This behavior is clearly documented and consistent with the skill's stated purpose.
- [SAFE]: The runner script scripts/run.py implements standard API communication patterns, including secure handling of the AISKILLS_API_KEY via environment variables.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to process untrusted external data (social media text, uploaded files, and links).
- Ingestion points: Untrusted data enters the context via trendSignalText, trendSignalFile, and trendSourceLink fields defined in references/skill.json.
- Boundary markers: No explicit delimiter or boundary instructions are present in the provided configuration files.
- Capability inventory: The skill's local script is limited to performing network requests to the vendor's API and printing the result. It does not have file-writing or subprocess execution capabilities based on returned data.
- Sanitization: There is no evidence of local sanitization or filtering of the ingested external content before it is transmitted to the API.
Audit Metadata