ads-agent
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a robust human-in-the-loop safety mechanism, explicitly requiring user confirmation before executing any 'dangerous' operations that could impact financial expenditures, such as modifying budgets or creating new campaigns.
- [PROMPT_INJECTION]: The skill's design includes a surface for indirect prompt injection as it is designed to ingest and analyze external data from Facebook Ads.
- Ingestion points: Untrusted data enters the context via the
get_ad_creativesandget_insightstools which fetch content from the Facebook Ads API. - Boundary markers: There are no specific instructions or delimiters provided to the agent to treat external ad text as untrusted or to ignore instructions embedded within creatives.
- Capability inventory: The skill leverages the
meta-adsMCP server, which has capabilities to modify account states, includingupdate_adsetfor budget changes andpause_adfor campaign management. - Sanitization: The skill does not describe any sanitization or validation logic for the text retrieved from external ad creatives.
- Note: This structural risk is a consequence of the skill's primary purpose and is effectively mitigated by the mandatory manual confirmation requirement for all sensitive actions.
Audit Metadata