facebook-ads
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official Membrane command-line tool (@membranehq/cli) from the public NPM registry to enable interaction with the platform.
- [COMMAND_EXECUTION]: Relies on the execution of 'membrane' CLI commands to perform administrative tasks, such as authenticating users, creating connections, and running marketing actions.
- [DATA_EXFILTRATION]: Facilitates access to and retrieval of sensitive business data from Facebook Ads, including campaign details and insights, using the vendor's infrastructure for secure credential management.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data retrieved from the Facebook Marketing API, which represents an ingestion surface for untrusted external content.
- Ingestion points: Data returned from 'membrane action run' and 'membrane action list'.
- Boundary markers: None specified in the provided instruction set.
- Capability inventory: Command execution via CLI and network operations through the Membrane platform.
- Sanitization: No specific sanitization or validation logic is defined for the API output.
Audit Metadata