meta-ads-analyzer

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data such as CSV exports and screenshots for analysis. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the analyzed data. However, this is inherent to the skill's primary purpose and no evidence of bypass or exfiltration logic was found.\n
  • Ingestion points: Campaign data inputs such as CSV exports, performance tables, and screenshots (SKILL.md).\n
  • Boundary markers: No specific delimiters or boundary markers are defined in the instructions to isolate untrusted data.\n
  • Capability inventory: Interaction with the 'meta-ads' MCP server for fetching campaign insights and recommendations (eval/eval.json).\n
  • Sanitization: No specific data sanitization or filtering logic is described; the skill relies on standard model processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — meta-ads-analyzer