facebook-ads-library-search

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file recommends using the eval command to execute the output of a Python script while interpolating user-provided parameters (e.g., eval "$(python scripts/search-ads.py --query '{keyword}' ...)"). This pattern is highly vulnerable to shell command injection if the user-supplied input contains shell metacharacters like backticks, semicolons, or pipe symbols.
  • [REMOTE_CODE_EXECUTION]: The script scripts/search-ads.py dynamically generates JavaScript strings at runtime by embedding user parameters into a code template. This generated JavaScript is intended to be executed in a browser context. While the script uses JSON encoding for safety, the practice of generating and executing code strings dynamically is a significant security risk factor.
  • [PROMPT_INJECTION]: The skill represents an Indirect Prompt Injection surface as it fetches and processes ad text, titles, and descriptions from Meta's servers, which are controlled by external advertisers.
      • Ingestion points: Ad content is ingested via GraphQL API responses from facebook.com as part of the data extraction process in scripts/search-ads.py.
      • Boundary markers: None identified; the retrieved ad data is returned to the agent context as raw strings within a JSON object without delimiters or isolation.
      • Capability inventory: The skill has access to the browser-act tool and general network fetch capabilities.
      • Sanitization: No sanitization or filtering is performed on the extracted ad body or title fields before they are provided to the agent, allowing potential instructions embedded in ad creative copy to reach the language model.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to the official Meta GraphQL endpoint (https://www.facebook.com/api/graphql/) to retrieve advertising data, which is consistent with its stated functionality.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 04:39 AM