Skills
skills/gooseworks-ai/goose-skills/google-ad-scraper/Gen Agent Trust Hub

google-ad-scraper

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources (Google Ads), creating a surface for indirect prompt injection. \n
  • Ingestion points: Ad creatives and campaign metadata fetched from Apify actors in scripts/search_google_ads.py. \n
  • Boundary markers: None used; scraped text is returned directly to the agent. \n
  • Capability inventory: The script uses the requests library for network operations and outputs scraped data to stdout. \n
  • Sanitization: No sanitization or filtering of external content is performed before processing. \n- [COMMAND_EXECUTION]: The script scripts/search_google_ads.py assembles a JavaScript function string at runtime to be executed by a remote Apify actor. This constitutes script generation for remote execution. \n- [DATA_EXFILTRATION]: The skill transmits user-provided API tokens to the official Apify API or the vendor proxy at api.gooseworks.ai as part of its normal operation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 10:48 AM