meta-ads-control
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill contains deceptive metadata and licensing information that misrepresents its origin. Both SKILL.md and LICENSE.txt claim authorship and copyright by "OpenAI", a trusted organization, while the actual author is "tristanmanchester". This impersonation of a trusted vendor could lead to a misjudgment of the skill's safety and provenance.
- [DATA_EXFILTRATION]: The scripts/meta_ads.py script includes functionality to read arbitrary local files via the --params-file flag or the @file syntax in the --set argument. These files can be uploaded to Meta's servers using the upload command or sent as parameters in API requests. This creates a surface for data exposure and exfiltration of sensitive local information if an agent is manipulated into reading system or credential files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from the Meta Marketing API.
  - Ingestion points: External data is ingested from the Meta Graph API via the insights, list, get, and request subcommands in scripts/meta_ads.py.
  - Boundary markers: No explicit delimiters or instructions are used within the script's output to separate API-returned content from agent instructions.
  - Capability inventory: The skill possesses the capability to perform network mutations (POST/PUT requests) to the Meta API and read/write local files (via scripts/meta_ads.py).
  - Sanitization: There is no evidence of sanitization or filtering of the content received from the external API before it is presented to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata