xhs-note-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to process content from potentially untrusted sources which could contain malicious instructions.
  • Ingestion points: The skill ingests data via several parameters: materialUrl (external web links), materialFile (uploaded documents such as PDF, Docx, MD, TXT), and materialText (user-pasted text).
  • Boundary markers: The skill instructions do not provide explicit delimiters or "ignore embedded instructions" directives to the agent for the processed material.
  • Capability inventory: The included scripts/run.py script performs network operations to the vendor's API (ai-skills.ai). No direct file system manipulation or arbitrary command execution on the host system was identified in the skill's own code.
  • Sanitization: There is no evidence of sanitization, escaping, or validation performed on the external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — xhs-note-review