ads
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external content.
- Ingestion points: Commands
/ads dna <url>(website extraction) and/ads update(external feed aggregation) documented inSKILL.md. - Boundary markers: No delimiters or instructions to ignore embedded commands were found in the orchestration or intake logic.
- Capability inventory: Significant capabilities including account orchestration via subagent forks, automated image generation via
generate_image.py, and PDF report generation viascripts/generate_report.py. - Sanitization: There is no evidence of sanitization or validation of the data extracted from external websites or ad platforms before it is interpolated into the agent context.
Audit Metadata