search-ad-keyword-architect
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands where user-provided inputs (such as product names, website URLs, and competitor domains) are interpolated directly into the command string. If the agent does not properly sanitize these inputs, a malicious user could attempt command injection.
  - Evidence: Multiple instances in SKILL.md, such as python3 skills/review-scraper/scripts/scrape_reviews.py --product "<your product>".
- [PROMPT_INJECTION]: The skill implements an architecture that ingests and processes untrusted data from external sources like Reddit, Hacker News, and public review platforms (G2, Capterra). This creates an attack surface for indirect prompt injection, where malicious instructions embedded in web content could influence the agent's behavior.
  - Ingestion points: Reddit posts, Hacker News stories, and G2/Capterra reviews.
  - Boundary markers: None identified in the prompt instructions to the agent to distinguish between data and instructions.
  - Capability inventory: The skill has the ability to execute shell commands via Python scripts and write files to the local file system (e.g., in the clients/ directory).
  - Sanitization: No sanitization or filtering of the ingested external content is specified before the agent processes it for 'language mining'.
Audit Metadata