Skills
skills/itallstartedwithaidea/google-ads-skills/google-ads-mcp/Gen Agent Trust Hub

google-ads-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the google-ads-mcp package directly from the author's GitHub repository via pip install git+https://github.com/itallstartedwithaidea/google-ads-mcp.git.
  • [COMMAND_EXECUTION]: The server is executed locally using the python -m ads_mcp.server command as part of the MCP configuration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the Google Ads API and has the capability to perform account modifications.
  • Ingestion points: Untrusted data enters the agent context through tools like get_search_terms, get_ad_performance, and execute_gaql which fetch content from Google Ads.
  • Boundary markers: The instructions do not specify any delimiters or safety warnings to distinguish external API data from system instructions.
  • Capability inventory: The skill includes several high-privilege write tools such as update_campaign_budget, create_campaign, and generic_mutate which can modify account state.
  • Sanitization: There is no evidence of data sanitization or validation for content retrieved from the API before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 01:11 PM