humanize
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill sends user-provided text or file contents to the author's API at https://humanizer.diaiq.com/api/humanize. This data transmission is the core purpose of the skill and is clearly disclosed in the documentation.
- [COMMAND_EXECUTION]: The skill utilizes the curl command via the Bash tool to interact with the external humanization service. This is a standard method for API interaction in this environment.
- [PROMPT_INJECTION]: The skill processes external data which is interpolated into a shell command payload. Evidence chain: (1) Ingestion points: User text or file content provided to the humanize command as seen in SKILL.md; (2) Boundary markers: The text is placed inside a JSON string within the curl payload; (3) Capability inventory: The skill uses the Bash tool to execute curl; (4) Sanitization: The skill does not explicitly specify sanitization or escaping of input text before interpolation into the bash command.
Audit Metadata