ad-copy-compliance-review

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits user-supplied advertisement text, files, and URLs to the ai-skills.ai domain for processing. This behavior is documented and aligns with the skill's stated purpose as a bridge to an external compliance service. \n- [EXTERNAL_DOWNLOADS]: The execution script scripts/run.py optionally imports the certifi Python package to manage CA bundles for secure HTTPS connections. \n- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface as it ingests untrusted data. \n
  • Ingestion points: materialText, materialFile, and materialUrl as defined in references/form-schema.json. \n
  • Boundary markers: None identified in the provided skill files. \n
  • Capability inventory: Sends aggregated user data to the AI Skills API via scripts/run.py. \n
  • Sanitization: No client-side sanitization is performed on input data before transmission.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 06:36 PM
Security Audit — agent-trust-hub — ad-copy-compliance-review