ads-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- NO_CODE (SAFE): The skill is composed exclusively of markdown instructions. No executable scripts, binaries, or configuration files are provided within the skill folder.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external data. 1. Ingestion points: Google Ads exports, Meta Ads Manager exports, Search Terms Reports, and screenshots specified in the Data Collection section of SKILL.md. 2. Boundary markers: Absent. There are no instructions provided to the agent to ignore or delimit embedded instructions within the ingested files. 3. Capability inventory: The agent generates report files (ADS-AUDIT-REPORT.md, etc.) and delegates tasks to other sub-agents. 4. Sanitization: Absent. No verification or sanitization of the account exports is defined.
Audit Metadata