ads-audit
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions are limited to data analysis and reporting workflows consistent with its stated purpose. No malicious patterns or unauthorized data access attempts were found.
- [NO_CODE]: No executable scripts or code files are included in the skill. The analysis is based on markdown instructions and metadata, which significantly limits the attack surface.
- [PROMPT_INJECTION]: The skill defines a process for ingesting external data (ad platform exports and reports). While this creates a theoretical surface for indirect prompt injection, the lack of executable capabilities and the descriptive nature of the skill render this risk minimal.
- Ingestion points: Ad platform exports, search term reports, and screenshots from Google, Meta, LinkedIn, TikTok, and Microsoft Ads.
- Boundary markers: The instructions do not define specific delimiters for separating external data from system instructions.
- Capability inventory: No code or system tools are accessible through this skill.
- Sanitization: No explicit sanitization or validation of the external data is described in the workflow.
Audit Metadata