google-ads-daily
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to analyze Google Ads performance data. It retrieves this data using a specialized MCP tool (
google-ads-mcp) and stores findings in a local workspace (workspace/ads/). - [PROMPT_INJECTION]: While the skill ingests untrusted data from Google Ads (campaign names, status, exports) which represents a surface for indirect prompt injection, this behavior is essential to its primary purpose and no evidence of malicious exploitation is present.
- Ingestion points: Data retrieved via the
google-ads-mcpsearch tool and manual user exports. - Boundary markers: Not explicitly defined in the instructions.
- Capability inventory: The skill is designed to read and write files within the
workspace/ads/directory. - Sanitization: Standard LLM processing is used; no specialized sanitization logic is described.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transfer was found. All data operations are confined to the official Google Ads API (via MCP) and the local workspace.
- [COMMAND_EXECUTION]: The skill uses domain-specific GAQL queries to interact with the Google Ads API, which does not constitute arbitrary command execution.
Audit Metadata