detect-ai
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill transmits user-provided text from $ARGUMENTS to an external domain (humanizerai.com) via the WebFetch tool. While this is the intended primary purpose, it involves sharing user content with a third-party service.
- Indirect Prompt Injection (LOW): The skill processes untrusted user input and external API responses without utilizing boundary markers or sanitization, creating a surface for indirect prompt injection.
- Ingestion points: User-provided text and JSON responses from the HumanizerAI API.
- Boundary markers: Absent.
- Capability inventory: WebFetch for external API communication.
- Sanitization: None identified in the skill instructions.
Audit Metadata