vulnerability-advisory-impact-brief

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data, such as vulnerability advisories, CVE summaries, and content from external vendor links.
  • Ingestion points: Untrusted data enters via vulnAdvisoryText, vulnBulletinFile, and productExposureLink parameters defined in references/form-schema.json and SKILL.md.
  • Boundary markers: No explicit instructions or delimiters are provided to the agent to treat these inputs as untrusted data.
  • Capability inventory: The skill utilizes scripts/run.py to perform network operations to the vendor's API.
  • Sanitization: No input sanitization or validation logic is present in the provided scripts or instructions.
  • [EXTERNAL_DOWNLOADS]: The Python runner script (scripts/run.py) performs outbound network requests to the vendor's platform (ai-skills.ai) to execute the diagnostic logic.
  • [COMMAND_EXECUTION]: The skill includes a functional Python script (scripts/run.py) meant to be executed by the user to facilitate API communication.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — vulnerability-advisory-impact-brief