ad-creative
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill demonstrates secure handling of sensitive information by using environment variable placeholders (e.g., $GEMINI_API_KEY, $ELEVENLABS_API_KEY) in its example API requests rather than hardcoding credentials.
- [EXTERNAL_DOWNLOADS]: References several well-known and trusted AI services including Google Gemini, OpenAI, Meta, and LinkedIn. It also provides installation instructions for 'voicebox', an open-source tool, from a public GitHub repository. These downloads are documented as part of the legitimate creative workflow.
- [COMMAND_EXECUTION]: The skill documents the use of local CLI tools (e.g., node tools/clis/google-ads.js) and 'curl' for interacting with advertising APIs. These commands are task-specific and used to retrieve campaign insights or generate assets as intended by the skill's description.
- [PROMPT_INJECTION]: Analysis identified a surface for indirect prompt injection as the skill processes external performance data.
  - Ingestion points: Performance data provided by users via CSV, text pastes, or retrieved through API tool outputs (e.g., google-ads reports get) in SKILL.md.
  - Boundary markers: The skill does not currently define specific delimiters or instructions to ignore embedded commands within the analyzed performance data.
  - Capability inventory: Capabilities include executing local CLI tools, making outbound network requests via curl, and generating structured CSV files.
  - Sanitization: No explicit sanitization or validation logic for the input data is mentioned in the documentation.
Audit Metadata