humanize
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations to an external domain not included in the trusted whitelist. Evidence: POST request to https://humanizerai.com/api/v1/humanize via WebFetch. While this is the skill's primary purpose, it constitutes a data exposure surface to an unverified third party.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user text and transmits it to an external API without security delimiters or sanitization. 1. Ingestion points: User-supplied text via $ARGUMENTS. 2. Boundary markers: Absent; the JSON payload template does not use delimiters to isolate user text from the request structure. 3. Capability inventory: Use of WebFetch tool for external data transmission. 4. Sanitization: No sanitization, escaping, or validation logic is defined for the input text.
Audit Metadata