humanize
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted text to humanize it, creating a surface for indirect prompt injection. Ingestion points: User input and local files processed by SKILL.md and humanize-api.py. Boundary markers: Absent; no delimiters are defined to isolate untrusted text. Capability inventory: File system read access and network requests. Sanitization: None performed on input text.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the commercial service at humanize.undetectable.ai and installs the requests package via pip during setup.
- [COMMAND_EXECUTION]: The skill provides instructions to execute a local Python script with user-controlled text as a command-line argument, which serves as a potential command injection surface if the agent does not properly escape the string.
Audit Metadata