ai-ad-creative
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill employs a Python script (
scripts/run.py) that transmits user-provided parameters and an API key to the external domainhttps://ai-skills.ai. This network activity is the primary mechanism for the skill's operation but involves sending data to a non-whitelisted external endpoint. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted data from external sources, which could contain hidden instructions intended to manipulate the agent's output.
- Ingestion points: The skill ingests data from external URLs (
materialUrl), file uploads (materialFile), and pasted content (materialText) as defined inreferences/form-schema.jsonandSKILL.md. - Boundary markers: No explicit delimiters or instruction-isolation markers are implemented in the runner script to separate untrusted content from the system prompt.
- Capability inventory: The skill uses
urllib.requestto perform authenticated POST operations to a remote API, creating a channel for data transmission. - Sanitization: The provided code does not include any sanitization, filtering, or validation logic for the content processed from external files or URLs.
Audit Metadata