competitive-ads-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data (ad content) and has significant local capabilities. 1. Ingestion points: Scrapes data from Facebook Ad Library and LinkedIn. 2. Boundary markers: None identified. 3. Capability inventory: Network access for scraping and local file system write access to '~/competitor-ads/'. 4. Sanitization: No sanitization or filtering logic is mentioned. An attacker could craft an ad with instructions (e.g., hidden in metadata or small print) that the agent executes, potentially leading to data exfiltration or system modification.
- [Command Execution] (MEDIUM): The skill's stated workflow for capturing screenshots and scraping typically involves executing external subprocesses or browser automation tools, which increases the attack surface if the agent is redirected by malicious ad content.
Recommendations
- AI detected serious security threats
Audit Metadata