Skills
skills/freekmurze/dotfiles/ad-creative/Gen Agent Trust Hub

ad-creative

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill includes functionality to process external performance data, which presents an indirect prompt injection surface.
  • Ingestion points: Performance data from CSVs, clipboard pastes, or API outputs specified in SKILL.md.
  • Boundary markers: None identified; the instructions do not include specific delimiters to isolate external data from the prompt logic.
  • Capability inventory: The skill is capable of executing shell commands and network requests using node, npx, and curl.
  • Sanitization: No explicit sanitization or filtering of the input data is described.
  • [COMMAND_EXECUTION]: The skill documentation describes a workflow involving the execution of various command-line tools.
  • Examples include platform-specific CLI scripts (e.g., google-ads.js) and video rendering via npx remotion render.
  • It also provides curl examples for interacting with external AI APIs.
  • [EXTERNAL_DOWNLOADS]: The skill references external source code and tools from public repositories and services.
  • It includes instructions for cloning the Voicebox repository from GitHub and fetching Remotion templates via npx.
  • These references target well-known development platforms and established services.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 02:39 AM