googleads-automation
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and process data from external Google Ads and Analytics accounts, which constitutes an untrusted data surface.
- Ingestion points: Data enters the agent's context through tools like
GOOGLE_ANALYTICS_RUN_REPORTandGOOGLE_ANALYTICS_LIST_PROPERTIES(campaign names, account descriptions, etc.). - Boundary markers: Absent. The skill does not provide delimiters or instructions for the agent to disregard natural language instructions that might be embedded in campaign names or metadata.
- Capability inventory: The provided tools are primarily read-only (reporting and listing), which limits the immediate risk to information disclosure or reasoning bias rather than direct system compromise.
- Sanitization: There is no evidence of sanitization or filtering of the data retrieved from the API.
- External Downloads (LOW): The skill requires the configuration of a remote MCP server at
https://rube.app/mcp. - Evidence: The setup instructions explicitly require adding this third-party URL as a server endpoint.
- Trust Status: Neither
rube.appnorcomposio.devare included in the provided list of trusted external sources. Users should verify the security and privacy practices of the provider before connecting their Google accounts.
Audit Metadata