google-ad-scraper
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to install the 'requests' library using pip. This is a standard dependency for performing the script's intended network operations.
- [COMMAND_EXECUTION]: The skill provides documentation and examples for executing a local Python script ('search_google_ads.py') to perform search and scraping tasks.
- [DATA_EXFILTRATION]: The script performs network operations to 'api.apify.com' to trigger scraping runs and retrieve datasets. Apify is a well-known service for web automation and data extraction, and these calls are necessary for the skill's functionality.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted content (ad headlines, descriptions, and text) from the Google Ads Transparency Center.
- Ingestion points: Data is fetched from the Apify API in 'scripts/search_google_ads.py' and returned to the agent.
- Boundary markers: There are no boundary markers or instructions to the agent to treat the scraped content as untrusted data.
- Capability inventory: The skill has the capability to perform network requests via the 'requests' library and interact with remote scraping actors.
- Sanitization: The script does not perform any sanitization, escaping, or validation of the text scraped from external ads before presenting it to the agent.
Audit Metadata