competitive-ads-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and analyze untrusted external content (ad copy and messaging) from public platforms.
- Ingestion points: Web scraping of Facebook Ad Library and LinkedIn ads as described in the 'What This Skill Does' section.
- Boundary markers: None detected. The skill instructions do not specify any delimiters or instructions to the agent to ignore embedded commands within the scraped data.
- Capability inventory: The skill performs file system write operations (saving to ~/competitor-ads/) and potentially network operations for scraping.
- Sanitization: No sanitization or validation of the ingested text is mentioned. An attacker could place malicious instructions in an ad's copy to hijack the agent during the 'Analyzing messaging' phase.
Recommendations
- AI detected serious security threats
Audit Metadata