ad-creative

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through the ingestion of untrusted external content.
    * Ingestion points: The agent reads performance data from CSV files, API outputs, or manual pastes and context from the product marketing file.
    * Boundary markers: There are no specific delimiters or instructions to ignore embedded commands within the ingested data.
    * Capability inventory: The agent is instructed to execute local CLI tools and network operations via curl.
    * Sanitization: No sanitization or validation of the external performance data is specified.
  • [COMMAND_EXECUTION]: The skill relies on the execution of shell commands for its core functionality.
    * Evidence: Mentions running local integration scripts like 'node tools/clis/google-ads.js' and rendering video with 'npx remotion'.
  • [EXTERNAL_DOWNLOADS]: The reference documentation includes instructions to download and install software from an unverified GitHub repository.
    * Evidence: Provides steps to 'git clone' from the 'jamiepine/voicebox' repository followed by 'make setup', which constitutes a remote code download and execution pattern from an untrusted source.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 5, 2026, 09:34 PM