ads-cli
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses a sensitive local configuration file containing API credentials and exposes a specific customer account identifier.
  - Evidence: `src/google.py` defines `yaml_path` as `~/google-ads.yaml` and uses `GoogleAdsClient.load_from_storage` to read it. This file is the standard location for sensitive Google Ads API credentials, including OAuth2 tokens.
  - Evidence: The skill hardcodes a specific Google Ads Login Customer ID (`6445466801`) as a default value in `src/google.py` and `SKILL.md`, which identifies the author's account.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through unvalidated CLI inputs that are interpolated into API queries.
  - Ingestion points: CLI options such as `--campaign-id`, `--targeting`, and `--objective` in `cli.py` accept external data that is passed directly to the unified client.
  - Boundary markers: There are no markers or instructions used to isolate untrusted data from functional API parameters or query logic.
  - Capability inventory: The skill has permissions to create, modify, and pause campaigns, as well as fetch financial and performance data across multiple platforms.
  - Sanitization: Minimal sanitization is applied (e.g., `strip()`, `replace()`), but there is no escaping or parameterization for the Google Ads Query Language (GAQL) used in `src/google.py`.
  - Evidence: In `src/google.py`, the `campaign_id` is directly interpolated into a GAQL query: `f"SELECT ... WHERE campaign.id = {campaign_id_str}"`. This allows for query manipulation where an attacker could potentially inject GAQL clauses to access or modify unauthorized campaign information.
Audit Metadata