ads-attribution
Pass
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to collect sensitive marketing configuration data, including 'Meta CAPI config', 'sGTM container', and 'GA4 property ID'. While this is central to the skill's purpose of performing an attribution audit, these configurations often contain persistent access tokens and API keys. Accessing this data creates a surface for potential credential exposure.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes data from external, potentially attacker-controlled sources such as MMP dashboards (AppsFlyer, Adjust, etc.) and web analytics platforms.
- Ingestion points: Data enters the agent's context through the 'MMP dashboard', 'Meta CAPI config', and 'GA4 property' during the collection process.
- Boundary markers: There are no explicit delimiters or instructions provided to ignore or sanitize embedded instructions within the ingested marketing data.
- Capability inventory: The skill involves reading local files ('ads/references/conversion-tracking.md') and generating output reports ('ATTRIBUTION-AUDIT.md').
- Sanitization: No sanitization or validation of the retrieved external content is mentioned before it is processed or included in reports.
Audit Metadata