upload-ad-sample
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard tools including
curl,ffmpeg, andffprobeto perform media processing and API registration. These operations are conducted locally on the project files as part of the intended workflow. - [SAFE]: Network operations are directed to the official vendor domain
app.gooseworks.ai. Sensitive authentication is managed through environment variables rather than hardcoded credentials. - [SAFE]: The skill ingests untrusted local data from files such as
HOW_TO.mdandscene-contract.json. While this constitutes an indirect prompt injection surface (Ingestion points: project directory files; Boundary markers: none; Capabilities: network access and subprocess execution; Sanitization: none), it is a necessary functional requirement for the skill's purpose of importing ad production context.
Audit Metadata