humanize-ai-text
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network operations to a non-whitelisted domain (api.openclaw.ai). It is designed to send user-provided text to the endpoint https://api.openclaw.ai/v1/humanize via HTTP POST requests. While no unauthorized access to local sensitive files was detected, communication with an external, non-whitelisted service for data processing constitutes a data exposure surface.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
- Ingestion points: The skill ingests untrusted text data via the '--input' CLI flag, file inputs, and JSON API payloads.
- Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings shown in the usage examples to prevent the underlying model from executing instructions hidden within the input text.
- Capability inventory: The skill has network communication capabilities that could be abused if an injected prompt forces a request to a malicious destination.
- Sanitization: No evidence of input sanitization, escaping, or schema validation is provided to mitigate the risk of processing adversarial instructions.
Audit Metadata