competitive-ads-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted data from external ad platforms (Facebook, LinkedIn). An attacker can place malicious instructions in ad copy that, when processed by the agent, could lead to unauthorized actions. * Ingestion points: Web scraping of external ad libraries (SKILL.md). * Boundary markers: Missing; the skill description does not specify how it distinguishes between ad content and instructions. * Capability inventory: Web access, local file writing (~/competitor-ads/), and natural language reasoning. * Sanitization: None specified.
- [No Executable Code] (LOW): The skill consists only of a SKILL.md file with no accompanying scripts or configuration files, representing a template or documentation rather than a functional tool.
Recommendations
- AI detected serious security threats
Audit Metadata