software-cost-quote-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted data from external sources.
  • Ingestion points: The skill accepts untrusted input through parameters such as vendorProposalLink, costQuoteText, and quoteWorkbookFile defined in SKILL.md and references/form-schema.json.
  • Boundary markers: There are no explicit delimiters or instructions provided in the skill markdown to the agent to treat external content as untrusted data.
  • Capability inventory: The scripts/run.py script possesses network capabilities to communicate with external APIs.
  • Sanitization: The provided client-side scripts do not perform validation or sanitization of the content fetched from external URLs or files before processing.
  • [COMMAND_EXECUTION]: The skill includes a Python runner script intended for local execution to interact with the AI Skills service.
  • Evidence: The file scripts/run.py is a functional script that uses the urllib and ssl modules to execute API requests based on user-provided parameters.
  • [EXTERNAL_DOWNLOADS]: The runner script performs network operations to the vendor's backend services.
  • Evidence: scripts/run.py connects to https://ai-skills.ai/api/execute to fulfill skill requests.
  • Context: The network operations target the official domain of the skill vendor and are required for the skill's operation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — software-cost-quote-review