Skills
skills/gnoviawan/agentic-marketing/marketing-paid-ads/Gen Agent Trust Hub

marketing-paid-ads

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its automated research functionality which extracts data from third-party sources.
  • Ingestion points: The skill uses agent-browser to retrieve the text content of competitor landing pages and ad transparency centers (Meta, Google, TikTok, LinkedIn) specified in SKILL.md.
  • Boundary markers: There are no explicit delimiters or specific instructions to isolate the scraped content from the agent's core instructions, nor are there warnings to ignore embedded commands within the retrieved data.
  • Capability inventory: The agent has the ability to read and write to the local file system (saving deliverables and screenshots) and perform network operations via browser automation.
  • Sanitization: No sanitization, filtering, or validation of the external scraped content is performed before it is analyzed to generate campaign strategies.
  • [EXTERNAL_DOWNLOADS]: The skill requires the agent-browser dependency, which is fetched from the official Vercel Labs GitHub repository. This is a trusted source and the installation follows established patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 11:37 PM