google-ads
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains instructions to read and display the contents of
~/.google-ads.yaml. This file typically contains highly sensitive information includingdeveloper_token,client_id,client_secret, andrefresh_token. Exposing these to the agent's context increases the risk of accidental exposure or exfiltration. - [COMMAND_EXECUTION]: The skill uses shell commands like
lsandcatto access and verify configuration files on the local filesystem. Specifically,cat ~/.google-ads.yamlis used to verify setup, which triggers the exposure of credentials. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
google-adsandgoogle-auth-oauthlibPython packages. While these are official libraries from a well-known service (Google), they represent external dependencies that must be managed. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingest data from external sources (Google Ads API responses and UI snapshots) such as campaign names, keyword text, and ad copy. An attacker with access to the Google Ads account could inject malicious instructions into these fields to influence the agent's behavior, potentially leading to unauthorized 'mutate' operations like pausing campaigns or changing budgets.
- Ingestion points:
GoogleAdsService.searchresults,browser:snapshotof Google Ads UI tables. - Boundary markers: None identified in the prompt templates to distinguish between data and instructions.
- Capability inventory:
mutate_campaigns,mutate_ad_group_criteria,mutate_campaign_budgets, and browser-based bulk actions (Pause/Edit). - Sanitization: No evidence of sanitization or validation of the data retrieved from the API or browser before it is processed or displayed.
Recommendations
- AI detected serious security threats
Audit Metadata