ads-start
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute local Python scripts (`scripts/profile.py` and various scripts in `scripts/api/`) for managing user configuration and performing API connectivity checks.
- [EXTERNAL_DOWNLOADS]: The onboarding process includes instructions and URLs for external services such as Meta for Developers, Google Ads, and TikTok Ads to facilitate account setup and integration.
- [PROMPT_INJECTION]: The skill ingests user input through `AskUserQuestion` and interpolates it into shell commands for profile management. While this creates a potential surface for indirect injection, the skill mitigates this by instructing the agent to map inputs to specific fixed values or numeric midpoints.
- [SAFE]: The skill implements a strict security policy (Rule 3) forbidding the storage of secrets like tokens or API keys in the local profile, instead directing them to environment variables.
Audit Metadata