paid-ads
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it ingests and processes untrusted content from external sources. \n
- Ingestion points: Untrusted data enters the agent context through the
materialText,materialFile, andmaterialUrlparameters as defined inreferences/form-schema.jsonandSKILL.md. \n - Boundary markers: The skill configuration does not include explicit delimiters or instructions to the agent to ignore potentially malicious embedded commands within the analyzed materials. \n
- Capability inventory: The skill uses a Python runner (
scripts/run.py) to transmit user data to the externalai-skills.aiendpoint for analysis. \n - Sanitization: There is no evidence of input validation or content sanitization to prevent the agent from executing instructions hidden within the provided advertisement materials.
Audit Metadata