ad-upload
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides command templates using
curl,jq, andidentifyto manage ad assets. These commands are used to interact with the Facebook Graph API and perform local file validation, which is consistent with the skill's purpose. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to the official Meta Graph API (
graph.facebook.com). This is a well-known service and the interactions are documented neutrally as standard API usage. - [DATA_EXFILTRATION]: The skill accesses a Facebook API token stored in the user's local directory (
~/.social-cli/config.json). This credential is used exclusively for authenticating requests to Meta's official endpoints. - [PROMPT_INJECTION]: The skill processes data from other skills and workspace files. It mitigates potential indirect injection risks by implementing strict validation rules for ad components (headlines, descriptions, CTA types) and offering a dry-run mode for manual verification.
Audit Metadata