competitive-ads-extractor
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMNO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (LOW): The provided skill contains only a markdown description (SKILL.md) and no executable code (Python, JavaScript, or shell scripts). Technical analysis is limited to the described behavior and examples.
- [PROMPT_INJECTION] (MEDIUM): The skill demonstrates a significant surface for Indirect Prompt Injection. Ingestion points: Untrusted data is ingested from external Facebook and LinkedIn Ad Libraries. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided documentation or examples. Capability inventory: The skill is described as having file-write capabilities, saving analysis and screenshots to the local filesystem (e.g.,
~/competitor-ads/). Sanitization: No sanitization or validation of the scraped ad copy is mentioned before the AI processes it for analysis, allowing potential attackers to embed instructions in ad copy that the agent might follow during the processing phase.
Audit Metadata