ai-ad-creative

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill employs a Python script (scripts/run.py) that transmits user-provided parameters and an API key to the external domain https://ai-skills.ai. This network activity is the primary mechanism for the skill's operation but involves sending data to a non-whitelisted external endpoint.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted data from external sources, which could contain hidden instructions intended to manipulate the agent's output.
  • Ingestion points: The skill ingests data from external URLs (materialUrl), file uploads (materialFile), and pasted content (materialText) as defined in references/form-schema.json and SKILL.md.
  • Boundary markers: No explicit delimiters or instruction-isolation markers are implemented in the runner script to separate untrusted content from the system prompt.
  • Capability inventory: The skill uses urllib.request to perform authenticated POST operations to a remote API, creating a channel for data transmission.
  • Sanitization: The provided code does not include any sanitization, filtering, or validation logic for the content processed from external files or URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-ad-creative