competitive-ads-extractor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface by processing external, untrusted content from the web and possessing file-system write capabilities. * Ingestion points: Scraped ad text and metadata from Facebook Ad Library and LinkedIn. * Boundary markers: Absent; the documentation does not specify any delimiters to isolate external data from the agent's core instructions. * Capability inventory: File system write access, as the skill is designed to create directories and save analysis files/screenshots in the user's home directory (~/competitor-ads/). * Sanitization: Absent; there is no mention of sanitizing, escaping, or validating the scraped content before it is passed to the agent's reasoning engine, which could lead to the execution of malicious instructions embedded in ad copy.
Recommendations
- AI detected serious security threats
Audit Metadata