ad-creator
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install the Tempo CLI by piping a remote script directly into the shell (curl -sSL https://tempo.im/install.sh | sh). This is a dangerous practice that allows for arbitrary code execution from a third-party server.
- [EXTERNAL_DOWNLOADS]: The skill performs an unverified download of an installation script from https://tempo.im during the setup process.
- [COMMAND_EXECUTION]: Internal scripts (check_stats.js, submit_ad.js, topup_ad.js) use the execSync function to execute tempo CLI commands. While the skill attempts to validate some inputs using regular expressions, this pattern increases the risk of command injection if validation is bypassed.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion process.
  - Ingestion points: The skill reads product information from local files such as README.md, package.json, and Cargo.toml in SKILL.md (Step 1).
  - Boundary markers: No delimiters or safety instructions are provided to the agent to distinguish between data and embedded instructions in these files.
  - Capability inventory: The skill can execute network requests and trigger financial transactions (MPP payments) through its submission and top-up scripts.
  - Sanitization: The validate_ad.js script checks for field length and basic URL format but does not perform any sanitization for malicious natural language instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://tempo.im/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata