bmad-agent-marketing-paid-ads
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to download and install the agent-browser utility from Vercel Labs' official GitHub repository. This repository is a well-known and trusted source within the ecosystem, used here to enable legitimate research capabilities.
- [COMMAND_EXECUTION]: The skill uses command-line tools to manage file paths, resolve configuration settings, and execute browser-based research sessions via agent-browser. These operations are consistent with the skill's primary purpose of advertising analysis.
- [DATA_EXPOSURE]: The skill reads project configuration files and brand context files (e.g., _bmad/config.yaml, brand-context.md) to align its recommendations with the user's specific business goals. No unauthorized data access or exfiltration patterns were identified.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to browse and extract content from third-party advertising libraries (Meta, Google, TikTok). While this allows the ingestion of untrusted data, the skill's capabilities are limited to research and reporting, and it does not demonstrate autonomous execution of instructions found on these external sites.
Audit Metadata