ad-creative
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill is intended to process marketing performance data (e.g., ROAS, conversion metrics) from CSV files or API outputs. This data is handled locally to optimize ad variations, which is the primary purpose of the skill.
- [INDIRECT_PROMPT_INJECTION]: The skill features ingestion points for untrusted data, specifically through web search results for 'competitor messaging' and processing external performance data. While the instructions lack explicit boundary markers or sanitization logic, the risk is assessed as low given the context of creative generation.
- [EXTERNAL_DOWNLOADS]: The documentation references well-known services and specific open-source tools (e.g., Remotion, Voicebox, ElevenLabs, Google Gemini API) necessary for ad production. These are standard tools from recognized organizations and developers.
- [COMMAND_EXECUTION]: The skill includes instructions for interacting with specialized CLI tools (e.g.,
google-ads.js) to fetch campaign data. These operations are scoped to data retrieval for the skill's optimization workflow.
Audit Metadata