competitive-ads-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from external sources (Facebook/LinkedIn ads) and passes it directly to the agent for 'messaging analysis.'
- Ingestion points: Facebook Ad Library, LinkedIn, and other external web platforms.
- Boundary markers: Absent; the skill does not define delimiters to separate ad content from system instructions.
- Capability inventory: Extensive filesystem writes (saving screenshots and reports to
~/competitor-ads/) and network scraping capabilities. - Sanitization: Absent; the instructions prioritize full extraction and deep analysis of untrusted text.
- COMMAND_EXECUTION (MEDIUM): The skill executes automated scraping and screenshot capturing tasks. While standard for this use case, the ability to write arbitrary content to the home directory (~/) provides a high-impact primitive if the agent is compromised via the aforementioned prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata