ad-copy-generation

Fail

Audited by Snyk on Apr 12, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The GitHub URL points to a normal public repository (low risk for downloads if it contains code and no signed binaries), but googleadsagent.ai is an unverified, Google-branded-looking .ai domain that could be impersonation/typosquatting and is therefore suspicious as a download source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's implementation and architecture explicitly call out scraping and analyzing external landing pages and competitor ads—e.g., generateAdCopy invokes scrapeLandingPage(landingPageUrl) and analyzeCompetitorAds(keywords) in SKILL.md—so the agent ingests untrusted public web content (landing pages and competitor ads) that can influence generation and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill calls scrapeLandingPage(landingPageUrl) at runtime and injects the scraped landingPageContent into the generation pipeline, so arbitrary external URLs (the user-supplied landingPageUrl) can directly control prompts and generation context.

Issues (3)

E005 (CRITICAL): Suspicious download URL detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 12, 2026, 07:03 PM
Issues: 3