ad-creative-intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted text data (ad headlines, body copy, and descriptions) from Meta and Google Ad Libraries. If an attacker embeds malicious instructions within an ad, these could be executed or followed by the agent during the Phase 3 (Cluster & Analyze) or Phase 4 (Gap Analysis) steps.
- Ingestion points:
scrape_meta_ads.pyandscrape_google_ads.pyoutputs (SKILL.md). - Boundary markers: None specified; ad content is processed directly for clustering and analysis.
- Capability inventory: Python script execution and file writing to the
clients/directory. - Sanitization: No explicit sanitization or filtering of ad copy is described before the content is passed to the analysis phase.
- [COMMAND_EXECUTION]: The skill uses
python3to execute local scripts (scrape_meta_ads.pyandscrape_google_ads.py) located within subdirectories. These scripts take user-supplied domain names as arguments. While this is the intended workflow, it represents a command execution surface. - [SAFE]: The requirement for an
APIFY_API_TOKENis clearly documented as an environment variable and does not involve hardcoded credentials. The output paths are restricted to a specific client directory structure.
Audit Metadata