Skills
skills/henkisdabro/wookstar-claude-plugins/google-ads-scripts/Gen Agent Trust Hub

google-ads-scripts

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected. The skill ingests untrusted data from the Google Ads environment (campaign names, keyword text) and performs high-privilege actions like pausing campaigns or adjusting budgets based on that data.
  • Ingestion points: AdsApp.campaigns() and AdsApp.keywords() in assets/campaign-optimizer-template.js and references/examples.md.
  • Boundary markers: Absent; data is processed and logged directly into strings.
  • Capability inventory: campaign.pause(), campaign.getBudget().setAmount(), MailApp.sendEmail(), and SpreadsheetApp operations.
  • Sanitization: No sanitization of campaign names or status messages before logging to Sheets or sending via Email notifications.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:46 PM