paid-ads
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is susceptible to manipulation via poisoned context files which can lead to unauthorized advertising actions.\n
- Ingestion points: References reading
.claude/product-marketing-context.mdin the 'Before Starting' section.\n - Boundary markers: Absent; the agent is instructed to use the context directly for tasks without clear delimiters between user data and instructions.\n
- Capability inventory: Explicit mention of 'direct access to ad platform accounts' and capability to 'create, optimize, and scale' campaigns on Google Ads, Meta, LinkedIn, etc., posing high financial and reputational risk if misused.\n
- Sanitization: Absent; no instructions for identifying or ignoring malicious directives within the external context file.\n- [No Code] (INFO): The skill consists entirely of instructional markdown without accompanying executable scripts.
Recommendations
- AI detected serious security threats
Audit Metadata