ad-account-auditor
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-supplied ad campaign exports and GA4 data, which represents a potential surface for indirect prompt injection. However, this is mitigated by explicit security instructions.
- Ingestion points: User-provided CSV and report files (e.g., campaign exports, search-terms reports) ingested at runtime for analysis.
- Boundary markers: The skill includes specific instructions to treat all fetched or exported data as untrusted per its security boundary.
- Capability inventory: The skill performs file writes to local memory paths (memory/audits/ad/) and may use WebFetch to retrieve reference documentation.
- Sanitization: Instructions explicitly tell the agent that text found inside an export (such as 'ignore vetoes') is to be treated as evidence of a trust issue, never as a command.
- [EXTERNAL_DOWNLOADS]: Fetches reference markdown files (roas-benchmark.md, auditor-runbook.md) from the vendor's official GitHub repository when local paths are unavailable. This is a standard fallback mechanism for standalone installations and utilizes the author's own infrastructure.
Audit Metadata