Skills
skills/adkit/skills/google-ads-strategy/Gen Agent Trust Hub

google-ads-strategy

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the shell command adkit status to verify the installation of the vendor's CLI tool. While this is a vendor-owned resource related to the skill's functionality, it represents an automated command execution pattern.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from the local environment and applies it to its logic without sanitization.
  • Ingestion points: The agent is instructed to search for and read the content of ad-process.md and ad-brief.md from the project directory in SKILL.md.
  • Boundary markers: None. The skill lacks instructions to delimit the content or ignore potentially malicious instructions embedded in these configuration files.
  • Capability inventory: The skill has the ability to execute shell commands (e.g., adkit status).
  • Sanitization: No validation or sanitization is performed on the data read from the local files before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 03:45 AM