facebook-ads-library-search
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The `SKILL.md` file recommends using the `eval` command to execute the output of a Python script while interpolating user-provided parameters (e.g., `eval "$(python scripts/search-ads.py --query '{keyword}' ...)"`). This pattern is highly vulnerable to shell command injection if the user-supplied input contains shell metacharacters like backticks, semicolons, or pipe symbols.
- [REMOTE_CODE_EXECUTION]: The script `scripts/search-ads.py` dynamically generates JavaScript strings at runtime by embedding user parameters into a code template. This generated JavaScript is intended to be executed in a browser context. While the script uses JSON encoding for safety, the practice of generating and executing code strings dynamically is a significant security risk factor.
- [PROMPT_INJECTION]: The skill represents an Indirect Prompt Injection surface as it fetches and processes ad text, titles, and descriptions from Meta's servers, which are controlled by external advertisers.
  - Ingestion points: Ad content is ingested via GraphQL API responses from `facebook.com` as part of the data extraction process in `scripts/search-ads.py`.
  - Boundary markers: None identified; the retrieved ad data is returned to the agent context as raw strings within a JSON object without delimiters or isolation.
  - Capability inventory: The skill has access to the `browser-act` tool and general network `fetch` capabilities.
  - Sanitization: No sanitization or filtering is performed on the extracted ad body or title fields before they are provided to the agent, allowing potential instructions embedded in ad creative copy to reach the language model.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to the official Meta GraphQL endpoint (`https://www.facebook.com/api/graphql/`) to retrieve advertising data, which is consistent with its stated functionality.
Audit Metadata