faion-ppc-manager

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and act upon untrusted data from ad platform reports, which creates a surface for indirect prompt injection.
      • Ingestion points: Ad performance reports and search term reports analyzed in ads-google-reporting/README.md and ads-meta-reporting/README.md.
      • Boundary markers: No specific delimiters or safety warnings instructing the LLM to ignore embedded instructions in report data were found.
      • Capability inventory: The skill allows the agent to modify campaign settings, add keywords, and update ad copy based on interpreted data.
      • Sanitization: No sanitization or validation logic is defined for the external search term data before it is processed by the agent.
  • [Data Exposure & Exfiltration] (LOW): The skill references sensitive file paths used for storing API credentials.
      • Evidence: google-ads-basics/README.md provides code templates that reference service-account.json and google-ads.yaml for authentication. While standard for API usage, these files contain sensitive private keys and tokens.
  • [External Downloads] (LOW): The skill includes functionality to fetch content from remote URLs.
      • Evidence: google-display-ads/README.md contains a Python snippet using requests.get(image_url).content to download image assets for ad creation. This is a functional requirement but represents an external network dependency.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:04 PM