google-ad-scraper
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill (SKILL.md and scripts/search_google_ads.py) uses Apify actors to fetch and scrape public content from Google’s Ads Transparency Center (https://adstransparency.google.com) and ingests advertiser-generated ad creatives (headlines, descriptions, ad_text, destination URLs) as part of its workflow, which are untrusted third‑party inputs that can influence analysis and downstream decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill at runtime posts to the Apify API (e.g. https://api.apify.com/v2/acts/apify~web-scraper/runs and https://api.apify.com/v2/acts/xtech~google-ad-transparency-scraper/runs), which executes remote Apify actors (remote code) and is required for the scraper to function, so this external URL is a runtime dependency that executes remote code.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata