ad-creative
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified in the ad rendering process. The skill takes untrusted text such as headlines and incorporates them directly into HTML templates. This content is then processed by the Playwright browser tool, which the skill suggests should be configured with unrestricted file access, increasing the potential impact of script execution.
- Ingestion points: User-provided headline text and ad concepts.
- Boundary markers: No delimiters are used to separate user content from the HTML structure.
- Capability inventory: The skill utilizes Playwright MCP to render local files and capture images.
- Sanitization: No input validation or HTML escaping is performed on user inputs.
Audit Metadata