ad-creative
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes performance data such as ad headlines and descriptions provided by users or external APIs. An attacker could potentially inject instructions within this data to influence agent behavior during the analysis phase. \n
- Ingestion points: Ad performance data provided via CSV, pasted text, or API outputs as described in SKILL.md. \n
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the processed data. \n
- Capability inventory: The skill has the ability to execute local CLI tools (node) and perform network operations (curl). \n
- Sanitization: No sanitization or validation of input ad copy is specified before it is analyzed for winning patterns.\n- [EXTERNAL_DOWNLOADS]: The skill references and provides examples for using various external APIs and tools for image, video, and voice generation. These include trusted services from Google and OpenAI, as well as well-known platforms like Replicate, Ideogram, ElevenLabs, and Remotion. It also mentions cloning and building the Voicebox tool from a public GitHub repository (jamiepine/voicebox) for local voice generation.\n- [COMMAND_EXECUTION]: The skill workflow involves executing local Node.js CLI tools to interact with advertising platforms. Evidence in SKILL.md shows the use of scripts like tools/clis/google-ads.js and tools/clis/meta-ads.js for fetching reports and managing campaigns. These are used as vendor-provided integration resources.
Audit Metadata