ad-campaign-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: The skill processes external, untrusted data including CSV exports from ad platforms, pasted performance tables, and screenshots in SKILL.md (Phase 0).
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' markers when processing the ingested data.
- Capability inventory: The skill has the capability to write files to the local file system as described in Phase 4 ('Save to clients//ads/campaign-analysis-[YYYY-MM-DD].md').
- Sanitization: There is no mention of input validation or sanitization for the data being analyzed or written to the report file.
Audit Metadata