ai-readiness-audit

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The script scripts/audit.sh makes a network request to https://www.inlay.dev/api/audit. While the domain appears legitimate for the skill's purpose, it is not on the pre-approved trusted source list.
  • [COMMAND_EXECUTION] (SAFE): The skill executes curl and python3 for data retrieval and processing. The bash script uses set -euo pipefail and proper variable quoting to prevent simple shell injection.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from a remote API which dictates future agent actions.
      • Ingestion points: scripts/audit.sh retrieves a JSON response containing 'recommendations' from a remote endpoint.
      • Boundary markers: Absent; the output is printed directly to stdout for the agent to read.
      • Capability inventory: The SKILL.md (Step 4) encourages the agent to perform high-privilege operations like file creation (llms.txt), server setup (mcp-server), and code modification based on these recommendations.
      • Sanitization: None; the Python processor extracts title/message fields from the JSON without validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 01:41 AM