competitive-ads-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown-based instructions and examples within the SKILL.md file. It does not include any Python scripts, Node.js dependencies, or binary executables.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its primary function is to ingest and analyze untrusted data from external sources (e.g., Facebook Ad Library, LinkedIn).
  - Ingestion points: Competitor ad copy, headlines, and creative descriptions extracted from external ad libraries into the agent's context.
  - Boundary markers: No specific delimiters or instructions (e.g., 'ignore embedded commands') are used to separate external data from the analysis logic.
  - Capability inventory: The skill instructions imply the use of the agent's web browsing and file system access capabilities to perform scraping and save extracted data.
  - Sanitization: There is no mention of filtering, escaping, or validating the text extracted from ads before it is processed by the LLM.
Audit Metadata