google-search-ads-builder
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection risk. The skill fetches content from external URLs (competitor sites and landing pages) and processes this untrusted data to generate marketing content.
- Ingestion points: fetch_webpage and web_search results used in Phase 1 and Phase 3.
- Boundary markers: Missing explicit delimiters to isolate external content from the model's instructions.
- Capability inventory: File writing (clients/ directory), web_search, and fetch_webpage tools.
- Sanitization: No evidence of sanitization or validation of the retrieved web content before it is processed.
Audit Metadata