xhs-note-review
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to process content from potentially untrusted sources which could contain malicious instructions.
- Ingestion points: The skill ingests data via several parameters:
materialUrl(external web links),materialFile(uploaded documents such as PDF, Docx, MD, TXT), andmaterialText(user-pasted text). - Boundary markers: The skill instructions do not provide explicit delimiters or "ignore embedded instructions" directives to the agent for the processed material.
- Capability inventory: The included
scripts/run.pyscript performs network operations to the vendor's API (ai-skills.ai). No direct file system manipulation or arbitrary command execution on the host system was identified in the skill's own code. - Sanitization: There is no evidence of sanitization, escaping, or validation performed on the external content before it is processed by the agent.
Audit Metadata