Skills
skills/eachlabs/skills/meta-ad-creative-generation/Gen Agent Trust Hub

meta-ad-creative-generation

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes user-supplied messages and external image URLs via the each::sense API. This functionality introduces an attack surface where instructions embedded within the user message or hidden within the image data (e.g., via metadata or steganography) could potentially override the intended generation behavior.
  • Ingestion points: In SKILL.md, the message and image_urls fields in the JSON payload are the entry points for untrusted external data.
  • Boundary markers: Absent. The instructions do not specify any delimiters or safety prefixes to separate user input from system-level instructions in the API call.
  • Capability inventory: The skill uses curl to interact with https://sense.eachlabs.run/chat, which is a legitimate vendor service for this functionality.
  • Sanitization: Absent. There is no evidence of validation or sanitization for the content processed from external URLs or messages.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 11:32 PM