ugc-ads
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted data from external websites.
  - Ingestion points: Content is retrieved from user-supplied URLs via `WebFetch` and `capture_website` tools in `SKILL.md` (Steps 1 and 3).
  - Boundary markers: The skill composition logic (Step 4) lacks boundary markers or delimiters to isolate fetched content from instruction logic.
  - Capability inventory: The agent can generate multimodal video and audio content using the `generate_reference_video` tool (Step 7).
  - Sanitization: No validation or sanitization is performed on the retrieved product metadata before it is interpolated into dialogue prompts.
- [DATA_EXFILTRATION]: The skill handles sensitive user data by retrieving and sharing voice profile information.
  - In Step 6, the skill invokes `identity_voice_sample_url` to obtain a temporary link to the user's voice biometric data.
  - This sensitive URL is then transmitted to external third-party generation providers (`seedance` and `kling`) to facilitate voice cloning for the video output. While this aligns with the primary purpose of the skill, it involves the transfer of sensitive information to non-whitelisted external domains.
Audit Metadata