Skills
skills/motion-creative/motion-creative-plugin/industry-trends/Gen Agent Trust Hub

industry-trends

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data from competitor ad libraries and transcripts, creating a vulnerability where embedded instructions could manipulate agent output.\n
  • Ingestion points: External data enters the context via mcp__motion__get_creative_transcript, mcp__motion__get_inspo_creatives, and mcp__motion__get_inspo_brand_context.\n
  • Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands within the ingested competitor data.\n
  • Capability inventory: Execution is limited to read-only vendor tools; there are no capabilities for file modification or arbitrary command execution.\n
  • Sanitization: There is no evidence of content filtering or validation for the external transcripts and creative metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 01:00 AM