competitive-ads-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill package is composed entirely of a markdown file (SKILL.md). It does not contain any executable scripts, binaries, configuration files, or dependency manifests.
- [PROMPT_INJECTION]: The workflow described in the documentation involves ingesting untrusted data from public ad libraries, which creates a surface for indirect prompt injection.
- Ingestion points: Data and text extracted from Facebook Ad Library, LinkedIn, and other external platforms.
- Boundary markers: The provided documentation does not outline the use of delimiters or instructions to the agent to ignore instructions within the scraped data.
- Capability inventory: The workflow description includes writing analysis files and screenshots to the local file system.
- Sanitization: There is no description of data validation or sanitization processes for the external content being analyzed.
Audit Metadata