ad-creative
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted external data to influence its ad generation output.
- Ingestion points: Reads product marketing context from
.claude/product-marketing-context.mdand performance data from CSV files, text pastes, or API outputs. - Boundary markers: None identified; external data is not wrapped in delimiters or accompanied by warnings to ignore embedded instructions.
- Capability inventory: The skill utilizes
WebSearchfor market research and executes local CLI tools to interact with advertising platforms. - Sanitization: No validation or sanitization of the input context or performance data is defined.
- [COMMAND_EXECUTION]: Directs the agent to execute local CLI tools (e.g.,
node tools/clis/google-ads.js) to pull metrics and manage campaign assets. - [EXTERNAL_DOWNLOADS]: Interacts with well-known AI services and APIs, including Google Gemini, OpenAI, ElevenLabs, and Ideogram. It also provides instructions for utilizing open-source tools like Remotion and Voicebox.
Audit Metadata