competitive-ads-extractor
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): Vulnerable to Indirect Prompt Injection via untrusted external data.\n
- Ingestion points: Scraped ad content from Facebook Ad Library, LinkedIn, and other external libraries (SKILL.md).\n
- Boundary markers: Absent; the instructions do not include delimiters or specific guidance for the agent to ignore instructions found within the scraped ads.\n
- Capability inventory: Network access for scraping; File system access for saving screenshots and markdown reports to
~/competitor-ads/(SKILL.md).\n - Sanitization: Absent; the skill is designed to process and analyze raw ad copy directly.\n- [EXTERNAL_DOWNLOADS] (LOW): Performs network scraping of external ad libraries. While the target domains (Facebook, LinkedIn) are typical for the use case, processing untrusted web content always carries an inherent risk of encountering malicious scripts or data.\n- [DATA_EXFILTRATION] (LOW): Writes research data and screenshots to the local file system. While this is the intended functionality, users should ensure the destination paths (
~/competitor-ads/) are appropriately restricted.
Audit Metadata