competitive-ads-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists of markdown instructions and examples without any associated executable scripts or binary files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and analyze untrusted text from external ad libraries. An attacker could place malicious instructions within an ad's copy to influence the agent's behavior during the analysis phase.
- Ingestion points: Scraped content from Facebook Ad Library, LinkedIn, and other platforms as described in SKILL.md.
- Boundary markers: The instructions do not specify the use of delimiters or protective prompts to isolate untrusted data from the system prompt.
- Capability inventory: The agent is instructed to write files to the local filesystem (e.g., ~/competitor-ads/notion/) and perform complex analysis on the ingested content.
- Sanitization: The skill does not mention any methods for validating, escaping, or cleaning the external content before it is processed by the model.
Audit Metadata