marketing-paid-ads
Warn
Audited by Snyk on Mar 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's Research Mode explicitly directs the agent to run agent-browser on public third-party pages—e.g., Facebook Ads Library, Google Ad Transparency Center, TikTok Creative Center, LinkedIn ad library, and competitor landing/pricing pages—to get page text and extract insights which are then used to drive campaign decisions, so it clearly ingests untrusted user-generated/open-web content that can influence subsequent tool use and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's runtime research workflow requires installing and running the agent-browser tool by fetching remote code from https://github.com/vercel-labs/agent-browser (via the provided "npx skills add https://github.com/vercel-labs/agent-browser --skill agent-browser" instruction), which downloads and executes third‑party code as a required dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata