ads-audit
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data, specifically exports and screenshots from various ad platforms, which can be used for indirect prompt injection.
- Ingestion points: Data enters the agent context through file exports, screenshots, or API data from Google, Meta, LinkedIn, TikTok, and Microsoft Ads, as specified in the 'Data Collection' section of SKILL.md.
- Boundary markers: The instructions do not include specific delimiters or 'ignore' instructions to prevent the agent from being influenced by malicious prompts hidden within the ingested advertisement data.
- Capability inventory: The skill is capable of writing multiple markdown files (ADS-AUDIT-REPORT.md, ADS-ACTION-PLAN.md, ADS-QUICK-WINS.md) and delegating tasks to other subagent skills.
- Sanitization: The skill lacks specified validation or sanitization steps for the data before it is analyzed and used to generate reports.
Audit Metadata