google-search-ads-builder
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses web search and page fetching tools to retrieve data from external websites for competitor analysis and keyword research. This involves processing untrusted remote content.
- [COMMAND_EXECUTION]: The skill performs local file system operations by saving campaign strategy documents and CSV import files to a specific directory structure on the local disk.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection risks. It ingests data from external websites and uses this information to generate ad copy and campaign structures. Malicious content on these external sites could attempt to influence the agent's output.
- Ingestion points: External data is gathered from search engine results and competitive landing pages via web tools.
- Boundary markers: The skill does not provide specific delimiters or instructions to the agent to treat fetched web content as untrusted or to ignore embedded instructions.
- Capability inventory: The skill can perform web searches, fetch web pages, and write files to the local file system.
- Sanitization: No explicit steps are included to sanitize or validate the content retrieved from external sources before it is processed by the language model.
Audit Metadata