ad-creative-intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted content from external ad platforms, presenting an indirect prompt injection risk.
- Ingestion points: Competitor ad headlines, descriptions, and body copy are scraped from Meta and Google Ad Libraries.
- Boundary markers: The skill instructions do not define delimiters (e.g., XML tags) to separate scraped content from the agent's logic or prevent the agent from following instructions embedded in the ads.
- Capability inventory: The skill is capable of writing analysis reports to the local file system and executing shell-based Python scripts.
- Sanitization: No validation or sanitization of the scraped ad data is performed before processing.
- [COMMAND_EXECUTION]: The skill executes local Python scripts using user-supplied parameters.
- Evidence: The skill triggers scraping by running
python3 skills/meta-ad-scraper/scripts/scrape_meta_ads.py --domain <competitor_domain>, where the domain is provided by the user, representing a potential command-line injection surface if inputs are not handled safely by the underlying agent platform.
Audit Metadata