google-ads-budget
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting external campaign names and metrics from the Google Ads API and manual exports. This data is interpolated into budget reallocation drafts without explicit boundary delimiters or sanitization. If campaign names or metric fields are manipulated to contain instructions, they could influence agent behavior during file generation.
- Ingestion points: Campaign data retrieved via the
google-ads-mcpsearch tool and manual user exports. - Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when processing external data.
- Capability inventory: Writing and updating markdown files in the
workspace/ads/drafts/directory. - Sanitization: Data is used directly in templates without validation or escaping.
- [SAFE]: No hardcoded credentials, unauthorized network operations, or malicious obfuscation techniques were detected. The skill uses legitimate local file paths and standardized MCP tools for data acquisition.
Audit Metadata