meta-ads-strategy
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill integrates with the 'adkit' CLI tool to perform automated tasks such as campaign creation and status checks (e.g.,
adkit status,adkit meta campaigns create). These commands are legitimate components of the workflow provided by the vendor. - [EXTERNAL_DOWNLOADS]: The documentation references numerous trusted third-party marketing services and design tools, including Canva, Figma, and official Meta resources, as well as the vendor's website at
adkit.so. - [PROMPT_INJECTION]: The skill ingests untrusted data from local project files (
ad-process.md,ad-brief.md) and user-provided product URLs to tailor its advertising recommendations, representing an indirect prompt injection surface. - Ingestion points: Local project files and external product websites identified in SKILL.md and brief.md.
- Boundary markers: Not used for untrusted data ingestion.
- Capability inventory: Shell command execution via the 'adkit' CLI and local file system write access.
- Sanitization: No explicit validation or filtering of ingested data is mentioned.
Audit Metadata