competitive-ads-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection due to its design of ingesting untrusted external data (ad copies from Facebook and LinkedIn) and performing high-privilege operations like writing to the local filesystem. 1. Ingestion points: External ad libraries. 2. Boundary markers: Absent in instructions. 3. Capability inventory: Web scraping and local file writing (~/competitor-ads/). 4. Sanitization: None described. A malicious actor could embed commands in an ad that the agent might execute while processing.
- NO_CODE (INFO): The skill contains only documentation and instructions in a Markdown file with no provided source code or executable scripts, making it a purely instructional skill for an agent to interpret.
Recommendations
- AI detected serious security threats
Audit Metadata