google-ads

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file SKILL.md contains the command cat ~/.google-ads.yaml under the 'Setup Check' section. This file is the standard configuration location for the Google Ads SDK and contains sensitive information including the developer_token, client_secret, and refresh_token. Executing this command exposes these plaintext credentials to the agent's context.
  • [DATA_EXPOSURE]: The skill explicitly targets sensitive configuration paths (~/.google-ads.yaml and google-ads.yaml) which are known to store authentication secrets for the Google Ads API.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the following surface:
      • Ingestion points: The skill reads campaign names, keyword text, and performance data from the Google Ads UI via browser automation (references/browser-workflows.md) and the Google Ads API (references/api-setup.md).
      • Boundary markers: There are no instructions or delimiters provided to the agent to treat data retrieved from the Google Ads account as untrusted or to ignore embedded instructions within ad copy or campaign names.
      • Capability inventory: The skill has the ability to pause campaigns, pause keywords, and modify budgets via both API mutations and browser automation actions.
      • Sanitization: There is no evidence of sanitization or validation of the strings retrieved from the Google Ads environment before they are processed or used in decision-making.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 23, 2026, 02:19 AM