competitive-ads-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because its primary function is to scrape and interpret untrusted external content. * Ingestion points: Ad copy and metadata from Facebook Ad Library, LinkedIn, and other external platforms. * Boundary markers: None mentioned; the skill likely interpolates raw ad text directly into prompts for analysis. * Capability inventory: File system write access (saving to '~/competitor-ads/'), structured data generation (CSV/Presentation), and decision-making (providing recommendations for the user's ads). * Sanitization: No sanitization or safety-filtering logic is described for the incoming untrusted data.
- [NO_CODE] (INFO): Only a Markdown description (SKILL.md) was provided. No implementation scripts were included for review. * Risk: The methods used for scraping (e.g., browser automation) and the specific dependencies used for screenshotting and analysis cannot be audited for vulnerabilities such as RCE or unsafe deserialization.
Recommendations
- AI detected serious security threats
Audit Metadata