ads-youtube
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external Google Ads export files (ingestion point:
SKILL.mdstep 1). This presents an indirect prompt injection surface where malicious instructions could be embedded in campaign names or metadata. Evidence: The process explicitly instructs the agent to 'Collect YouTube Ads data (Google Ads export)'. Capability inventory: The skill is limited to reading files and generating reports, with no evidence of subprocess execution or network access, which significantly mitigates potential impact. Sanitization: No explicit sanitization or boundary markers are defined for the imported data.
Audit Metadata