ad-to-landing-page-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its stated purpose of auditing ad-to-landing page message match without any detected security violations.
- [COMMAND_EXECUTION]: The instructions mention the use of
meta-ad-scraperandgoogle-ad-scraperfor inventorying ads. These are referenced as tools for the agent to execute to gather data on the user's domain. - [DATA_EXPOSURE]: The skill requires an Apify API token for scraping functionality. The instructions guide the user on its requirement rather than hardcoding any credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted content from external landing pages.
- Ingestion points: Landing page content is fetched via
fetch_webpageand ad data is ingested via scrapers or CSV uploads. - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the fetched content were identified in the instructions.
- Capability inventory: The skill has the capability to write files to the local system (saving reports to
clients/directory) and perform network requests. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external URLs before it is processed by the model.
Audit Metadata