competitive-ads-extractor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and analyze untrusted data from external sources (Facebook/LinkedIn Ad Libraries) and use that data to generate local files.
    • Ingestion points: Ad copy, headlines, and creative content from external web platforms (SKILL.md).
    • Boundary markers: Absent. The instructions do not specify any delimiters or safety prompts to prevent the agent from obeying instructions embedded within the extracted ads.
    • Capability inventory: The skill directs the agent to perform file system writes, including saving screenshots and markdown reports to the user's home directory (~/competitor-ads/) (SKILL.md).
    • Sanitization: Absent. There is no requirement to sanitize or validate the harvested content before processing or saving.
  • [External Downloads] (LOW): The skill requires the agent to connect to external, non-whitelisted domains to retrieve content. While these are legitimate ad platforms, the automated scraping of these sites increases the attack surface for data-driven attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:27 AM