ads
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process external, untrusted data from ad account exports, screenshots, and API access details. This represents a potential surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent's context during account data collection as specified in the orchestration logic of the SKILL.md file.
- Boundary markers: The skill documentation does not define specific boundary markers or delimiters to separate ingested campaign data from the system's core instructions.
- Capability inventory: The skill utilizes several powerful tools including 'Bash', 'WebFetch', 'Read', 'Grep', and 'Glob', which provide a significant capability set if an injection successfully overrides agent logic.
- Sanitization: There is no documented mechanism for sanitizing, validating, or filtering the content of the external ad data prior to it being processed by the agent.
Audit Metadata