meta-ads
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the third-party NPM package '@vishalgojha/social-cli'. This dependency is not from a trusted vendor and is used to handle sensitive authentication tokens and marketing data.
- [COMMAND_EXECUTION]: The shell script 'scripts/meta-ads.sh' executes commands via the 'social' CLI. This tool is permitted to perform significant actions, such as pausing ads and modifying budgets, which could be misused if the AI agent is manipulated.
- [CREDENTIALS_UNSAFE]: The setup instructions guide users to input high-sensitivity credentials, including their Facebook 'App ID' and 'App Secret'. While these are not hardcoded in the skill files, the workflow involves managing these secrets through the agent's environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from the Meta Ads API (such as campaign names, ad names, and creative text). An attacker with control over the Meta account content could potentially craft names or text that influence the agent's interpretation or recommendations, although there is no evidence of direct code execution from this data.