software-cost-quote-review
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted data from external sources.
- Ingestion points: The skill accepts untrusted input through parameters such as
vendorProposalLink,costQuoteText, andquoteWorkbookFiledefined inSKILL.mdandreferences/form-schema.json. - Boundary markers: There are no explicit delimiters or instructions provided in the skill markdown to the agent to treat external content as untrusted data.
- Capability inventory: The
scripts/run.pyscript possesses network capabilities to communicate with external APIs. - Sanitization: The provided client-side scripts do not perform validation or sanitization of the content fetched from external URLs or files before processing.
- [COMMAND_EXECUTION]: The skill includes a Python runner script intended for local execution to interact with the AI Skills service.
- Evidence: The file
scripts/run.pyis a functional script that uses theurllibandsslmodules to execute API requests based on user-provided parameters. - [EXTERNAL_DOWNLOADS]: The runner script performs network operations to the vendor's backend services.
- Evidence:
scripts/run.pyconnects tohttps://ai-skills.ai/api/executeto fulfill skill requests. - Context: The network operations target the official domain of the skill vendor and are required for the skill's operation.
Audit Metadata