Skip to main content
ClaudeWave
Skill136 repo starsupdated 4d ago

c2pa-metadata

Embed C2PA (Content Authenticity Initiative) provenance manifests in AI-generated marketing assets (image/video/audio/PDF). Use when: preparing AI-generated ad creative, social images, or video for EU markets to comply with EU AI Act Article 50 (applicable 2 Aug 2026); embedding visible AI-generation disclosure in assets; meeting brand-trust transparency requirements.

View sourceRepository: digital-marketing-pro
Install in Claude Code
Copy
git clone --depth 1 https://github.com/indranilbanerjee/digital-marketing-pro /tmp/c2pa-metadata && cp -r /tmp/c2pa-metadata/skills/c2pa-metadata ~/.claude/skills/c2pa-metadata
Then start a new Claude Code session; the skill loads automatically.
Definition

SKILL.md

# /digital-marketing-pro:c2pa-metadata — Embed Content Authenticity Provenance

## Purpose

Wraps `scripts/embed-c2pa.py` to add a **C2PA (Coalition for Content Provenance and Authenticity) manifest** to any AI-generated marketing asset. The manifest carries a machine-readable provenance trail (who generated it, what generator was used, what prompt produced it, when it was reviewed) plus a visible AI-generation claim in the IPTC digital-source-type vocabulary.

This is the technical mechanism brands use to comply with:

- **EU AI Act Article 50** (applicable 2 August 2026) — generative-AI marketing content must be marked in a machine-readable format using open, interoperable standards. C2PA is the emerging backbone. Penalty for non-compliance: up to **€15 million or 3% global annual turnover**.
- **NY synthetic-performer disclosure law** (effective June 2026) — $1K–$5K per violation, $10K repeat; applies to synthetic influencers and AI-generated endorsements.
- **FTC May 2026 endorsement guidance** — covers AI testimonials and synthetic creator content.
- **Australia Online Safety Act / UK Online Safety Act** — emerging deepfake disclosure requirements.

The resulting asset can be inspected by any C2PA-aware viewer (Adobe Photoshop, Lightroom, Truepic, [contentcredentials.org/verify](https://contentcredentials.org/verify)).

### C2PA spec versions to be aware of (June 2026)

- **Content Credentials 2.3** (released 9 February 2026 — [launch post](https://c2pa.org/the-c2pa-launches-content-credentials-2-3-and-celebrates-5-years-of-impact-across-the-digital-ecosystem/)) added format support for: **live video** (broadcast/streaming), **plain text documents**, **OGG Vorbis audio**, **large AVI video files**, and **EXIF Original Preservation Images**. If a brand is signing live-stream video or text-based assets for the first time, 2.3 is the floor version to target.
- **C2PA Spec 2.4** (April 2026 — [spec.c2pa.org/specifications/specifications/2.4](https://spec.c2pa.org/specifications/specifications/2.4/specs/C2PA_Specification.html)) introduces the **AI Disclosure Assertion (`c2pa.ai-disclosure`)** for machine-readable AI transparency info — this is the assertion the EU AI Act Article 50 deployer pathway will rely on. The Code of Practice WG1 (providers) and WG2 (deployers) draft guidance both reference C2PA-style assertions as the canonical machine-readable marking mechanism. See `skills/context-engine/eu-code-of-practice.md` for the full Article 50 context.
- The **C2PA Trust List** is now handled via the public C2PA Conformance Program (any CA meeting the Certificate Policy can join). Production signing certificates should come from a Conformance-Program-listed CA, not an ad-hoc cert.

**For DMP outputs**: when the underlying `embed-c2pa.py` script supports `--ai-disclosure` (or you're piping through a C2PA SDK ≥ 0.36 that handles 2.4), include the `c2pa.ai-disclosure` assertion alongside the existing IPTC digital-source-type claim. The combination gives you both human-readable (IPTC) and machine-readable (c2pa.ai-disclosure) Article 50 signaling.

## When to invoke

- Right after any AI image / video / audio generation step in the engagement workflow (Part 11 — AI Creative Instructions output)
- Before handing a generated asset to the design team for review
- As a pre-publish gate in `/digital-marketing-pro:check` for EU-targeted assets
- Bulk-applying to a backlog of AI-generated assets before EU AI Act enforcement on 2 Aug 2026

## Quick examples

```bash
# Single asset — image generated by Vertex AI / Nano Banana Pro
/digital-marketing-pro:c2pa-metadata \
    --input assets/q3-launch-hero.png \
    --output assets/signed/q3-launch-hero.png \
    --brand "Acme Corp" \
    --generator "Vertex AI / Nano Banana Pro" \
    --ai-claim ai-generated-content \
    --prompt "minimalist product hero shot, soft natural lighting"

# Video with human review tracked
/digital-marketing-pro:c2pa-metadata \
    --input campaigns/launch-video-v3.mp4 \
    --output campaigns/signed/launch-video-v3.mp4 \
    --brand "Acme Corp" \
    --generator "Runway Gen-4" \
    --ai-claim ai-generated-content \
    --reviewer "Jane Smith"

# Human-created image with AI-assisted edits
/digital-marketing-pro:c2pa-metadata \
    --input assets/founder-headshot-edited.jpg \
    --output assets/signed/founder-headshot-edited.jpg \
    --brand "Acme Corp" \
    --generator "Adobe Generative Fill" \
    --ai-claim ai-assisted-edits

# Production sign with a real C2PA signing certificate
/digital-marketing-pro:c2pa-metadata \
    --input assets/q3-launch-hero.png \
    --output assets/signed/q3-launch-hero.png \
    --brand "Acme Corp" \
    --generator "Vertex AI / Nano Banana Pro" \
    --ai-claim ai-generated-content \
    --signing-cert /secure/c2pa-prod-cert.pem \
    --signing-key /secure/c2pa-prod-key.pem
```

## AI claim values (IPTC digital source type)

| Value | When to use | Maps to IPTC URI |
|---|---|---|
| `ai-generated-content` | Asset fully generated by AI | `algorithmicMedia` |
| `ai-assisted-edits` | Human-created + AI-edited (e.g. Generative Fill) | `compositeWithTrainedAlgorithmicMedia` |
| `ai-no-substantive-changes` | AI used (e.g. upscaling) but no semantic change | `minorHumanEdits` |

The IPTC vocabulary is what EU AI Act regulators reference — using these values rather than ad-hoc strings makes the asset interoperable with the Article 50 enforcement tooling.

## Supported asset formats

`.png` · `.jpg/.jpeg` · `.webp` · `.gif` · `.tiff` · `.mp4` · `.mov` · `.webm` · `.mp3` · `.wav` · `.pdf`

## Signing certificate

Production C2PA signatures require a certificate from a CAI-recognized signing authority. The script will use one if you pass `--signing-cert` and `--signing-key`. If you omit them, the script generates a **self-signed 90-day dev certificate** for development testing only — a self-signed asset will verify as "signature present but signer not in trust list" at [contentcredentials.org/veri
More from this repository
agency-operationsSubagent

Invoke when the user needs to manage multiple client brands, view portfolio-level dashboards, generate client reports, manage SOPs, switch credential profiles, assign team tasks, configure regions, or generate executive summaries. Triggers on requests involving multi-client management, agency workflows, client onboarding, or portfolio oversight.

analytics-analystSubagent

Invoke when the user needs help with marketing measurement, KPI definition, dashboard design, attribution modeling, performance analysis, anomaly detection, competitive benchmarking, or translating data into marketing decisions. Triggers on requests involving metrics, reporting, analytics setup, or data interpretation.

brand-guardianSubagent

Invoke when marketing content needs quality control review — brand voice consistency checks, regulatory compliance verification (GDPR, CAN-SPAM, CCPA, HIPAA, FTC, industry-specific), accessibility auditing (WCAG 2.1), inclusive language review, or brand safety assessment. Automatically invoked as a final review step before any content is published or delivered.

competitive-intelSubagent

Invoke when the user needs competitor analysis — content strategy teardowns, SEO gap analysis, paid ad analysis from ad libraries, social media benchmarking, AI visibility comparisons, pricing and positioning research, or market landscape mapping. Triggers on requests mentioning competitors, competitive gaps, market analysis, or benchmarking.

competitor-intelligenceSubagent

Use when the task requires ongoing competitive monitoring, competitor change detection, share of voice tracking, competitive alerts, ad monitoring, price monitoring, win/loss analysis, or competitive narrative mapping.

content-creatorSubagent

Invoke when the user needs any form of marketing content created or refined — blog posts, ad copy, email campaigns, social media posts, landing page copy, press releases, video scripts, product descriptions, or newsletter content. Triggers on requests to write, draft, rewrite, or improve marketing copy.

crm-managerSubagent

Invoke when the user needs to manage CRM operations — creating contacts, importing leads, updating deals, syncing campaign data, segmenting audiences, managing pipelines, or connecting marketing data to Salesforce, HubSpot, Zoho, or Pipedrive. Triggers on requests involving CRM data, lead management, pipeline updates, or sales-marketing alignment.

cro-specialistSubagent

Invoke when the user needs help with conversion rate optimization — landing page audits, A/B test design, form optimization, pricing page strategy, checkout flow improvement, personalization, statistical significance calculations, page speed impact analysis, or mobile conversion optimization. Triggers on requests involving conversions, landing pages, A/B testing, or optimization experiments.