google-ads
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses the
~/.google-ads.yamlconfiguration file, which is a standard repository for sensitive API credentials. - Evidence:
SKILL.mdcontains an instruction to executecat ~/.google-ads.yamlto verify the setup, which risks exposing raw developer tokens, client secrets, and refresh tokens to the agent's context. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data ingested from the Google Ads platform.
- Ingestion points: The agent reads campaign names, keyword text, and performance metrics from the browser tool (snapshots of
ads.google.com/aw/campaigns) and theGoogleAdsServiceAPI search results. - Boundary markers: Absent. There are no instructions or delimiters designed to prevent the agent from being influenced by instructions embedded within ad campaign data.
- Capability inventory: The skill possesses high-privilege capabilities including pausing campaigns, pausing keywords, and modifying budgets via the API (
mutateoperations) and browser automation. - Sanitization: Absent. No evidence of input validation or sanitization is present for data retrieved from the external platform before it is used to make operational decisions.
- [EXTERNAL_DOWNLOADS]: The skill references the official
google-adsPython SDK from PyPI. This is a well-known service provided by Google for API integration.
Audit Metadata