vulnerability-advisory-impact-brief
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data, such as vulnerability advisories, CVE summaries, and content from external vendor links.
- Ingestion points: Untrusted data enters via
vulnAdvisoryText,vulnBulletinFile, andproductExposureLinkparameters defined inreferences/form-schema.jsonandSKILL.md. - Boundary markers: No explicit instructions or delimiters are provided to the agent to treat these inputs as untrusted data.
- Capability inventory: The skill utilizes
scripts/run.pyto perform network operations to the vendor's API. - Sanitization: No input sanitization or validation logic is present in the provided scripts or instructions.
- [EXTERNAL_DOWNLOADS]: The Python runner script (
scripts/run.py) performs outbound network requests to the vendor's platform (ai-skills.ai) to execute the diagnostic logic. - [COMMAND_EXECUTION]: The skill includes a functional Python script (
scripts/run.py) meant to be executed by the user to facilitate API communication.
Audit Metadata