ad-creative-generation
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates within a restricted tool surface using the Hyper MCP (
firecrawl_extract_branding,openai_image_edit, etc.). All tool calls are aligned with the stated purpose of generating advertising assets. - [SAFE]: External website data is ingested only through the
firecrawl_extract_brandingtool, which is a standard method for brand analysis. The skill does not attempt to perform arbitrary network requests or exfiltrate sensitive local data. - [SAFE]: All external references, such as the Hyper platform (app.hyperfx.ai), are legitimate resources belonging to the skill's vendor (hyperfx-ai).
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an inherent attack surface by processing data from user-supplied URLs.
- Ingestion points: External website content is processed via
firecrawl_extract_brandinginSKILL.md. - Boundary markers: The instructions do not explicitly implement delimiters or specific instructions to ignore malicious text embedded in the source website's branding metadata.
- Capability inventory: The skill uses image generation tools (
openai_image_edit,nano_banana_image_generation) and generates advertising copy based on the ingested data. - Sanitization: There is no explicit sanitization step described for the branding personality or description strings before they are used in prompts.
Audit Metadata