paid-channel-prioritizer
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run shell commands using user-provided data, specifically when executing ad-scraping scripts with the '--domain <competitor_domain>' argument. This pattern is vulnerable to command injection if the agent does not strictly sanitize the input from the 'Intake' phase.
- [COMMAND_EXECUTION]: The skill specifies saving output to a file path constructed from user-supplied input: 'clients//ads/'. This creates a risk of path traversal if the client name contains directory navigation sequences like '../', potentially allowing the agent to write files to unauthorized locations.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data from web search results (competitor ad libraries and search engines). Maliciously crafted content on these external sites could influence the agent's logic or output during the analysis phase.