google-search-ads-builder
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it fetches and processes untrusted data from multiple external sources to generate ad copy and campaign strategy.
- Ingestion points: External competitor websites via fetch_webpage (Phase 1B), review sites (Phase 1C), Reddit threads via Apify (Phase 1D), and Hacker News comments via API (Phase 1E).
- Boundary markers: Absent; there are no instructions for the agent to ignore or delimit potentially malicious instructions embedded in the external text.
- Capability inventory: The skill possesses the capability to write findings and campaign files to the local filesystem (Phase 7).
- Sanitization: Absent; the skill does not specify any validation or filtering for the external content before it is used in the LLM's reasoning process.
- [COMMAND_EXECUTION]: The skill instructs the agent to write campaign data and CSV import files directly to the user's current working directory (Phase 7B).
Audit Metadata