ad-creative-intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and analyzes untrusted data from external ad platforms.
- Ingestion points: Competitor ad copy, headlines, and descriptions are scraped from Meta and Google Ad Libraries (SKILL.md).
- Boundary markers: The instructions lack explicit delimiters or "ignore embedded instructions" warnings for the agent when processing the scraped content.
- Capability inventory: The skill executes shell commands via
python3and performs file-write operations to the local file system (SKILL.md). - Sanitization: No sanitization or escaping of the scraped ad content is performed before it is analyzed by the agent.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts using shell commands.
- Evidence: The instructions include shell commands like
python3 skills/meta-ad-scraper/scripts/scrape_meta_ads.py --domain <competitor_domain>which interpolate user-supplied domain names directly into the command line arguments (SKILL.md).
Audit Metadata