upload-ad-sample

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard tools including curl, ffmpeg, and ffprobe to perform media processing and API registration. These operations are conducted locally on the project files as part of the intended workflow.
  • [SAFE]: Network operations are directed to the official vendor domain app.gooseworks.ai. Sensitive authentication is managed through environment variables rather than hardcoded credentials.
  • [SAFE]: The skill ingests untrusted local data from files such as HOW_TO.md and scene-contract.json. While this constitutes an indirect prompt injection surface (Ingestion points: project directory files; Boundary markers: none; Capabilities: network access and subprocess execution; Sanitization: none), it is a necessary functional requirement for the skill's purpose of importing ad production context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — upload-ad-sample