Ad-Ready

Pass

Audited by VirusTotal on May 15, 2026.

Findings (1)

The skill is classified as suspicious due to several vulnerabilities. The `scripts/generate.py` file exhibits a Server-Side Request Forgery (SSRF) vulnerability in its `fetch_product_image` and `fetch_brand_logo` functions, which make HTTP requests to user-controlled or user-derived URLs without sufficient validation, potentially allowing access to internal network resources. Additionally, these functions can lead to arbitrary file downloads to `/tmp/`, posing a risk of denial of service. Furthermore, `scripts/generate.py` passes the user-provided `creative_brief` and `language` parameters directly into the AI prompt templates (`configs/Product_to_Ads/*.json`) without sanitization, creating a clear prompt injection vulnerability against the downstream image generation AI.