paid-ads

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it ingests and processes untrusted content from external sources. \n
  • Ingestion points: Untrusted data enters the agent context through the materialText, materialFile, and materialUrl parameters as defined in references/form-schema.json and SKILL.md. \n
  • Boundary markers: The skill configuration does not include explicit delimiters or instructions to the agent to ignore potentially malicious embedded commands within the analyzed materials. \n
  • Capability inventory: The skill uses a Python runner (scripts/run.py) to transmit user data to the external ai-skills.ai endpoint for analysis. \n
  • Sanitization: There is no evidence of input validation or content sanitization to prevent the agent from executing instructions hidden within the provided advertisement materials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — paid-ads