ads-create
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill does not contain direct prompt injection attempts or instructions to bypass safety guidelines. However, it is vulnerable to indirect prompt injection through external data ingestion.
- Ingestion points: The skill reads 'brand-profile.json' and '*-audit-results.md' files from the current directory.
- Boundary markers: Absent. No delimiters or 'ignore' instructions are specified when these data inputs are passed to creative agents.
- Capability inventory: The skill spawns 'creative-strategist' and 'copy-writer' sub-agents which write to 'campaign-brief.md' on the filesystem.
- Sanitization: No content validation or sanitization of the ingested data is performed.
- [DATA_EXFILTRATION]: No network calls, credential access, or unauthorized reading of sensitive system files (e.g., SSH keys) were identified.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote scripts or external packages.
Audit Metadata