competitor-ad-intelligence

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external sources including the Meta Ad Library, Google Ads Transparency Center, and arbitrary competitor landing pages during its analysis phases.
  • [COMMAND_EXECUTION]: The skill instructions suggest using curl as a fallback for fetching webpage content, which creates a surface for command injection if the URLs retrieved from external sources contain malicious shell metacharacters.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from competitor-controlled ad platforms and websites.
      • Ingestion points: Ad headlines, primary text, and full landing page content retrieved via web_search, fetch_webpage, or curl (as described in SKILL.md).
      • Boundary markers: Not present; the skill does not instruct the agent to use delimiters or security-specific prompts when handling external content.
      • Capability inventory: The skill utilizes web_search, fetch_webpage, and curl to interact with external web environments.
      • Sanitization: No sanitization or data validation steps are mentioned for the fetched content prior to analysis by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 09:39 PM