08-nghien-cuu-doi-thu
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely instructional and consists of Markdown templates. It does not contain any executable scripts, binaries, or automated shell commands.\n- [DATA_EXPOSURE]: The skill references the use of Facebook access tokens (
ads_read) for advertising insights. It correctly directs users to configure these integrations through official platform settings (claude.ai/settings/integrations), avoiding the risk of hardcoded credentials or unsafe secret handling.\n- [EXTERNAL_DOWNLOADS]: The skill mentions external tools such asfacebook-ads-library-mcpand provides a link to what it describes as an official Meta MCP (mcp.facebook.com/ads). While the specific URL appears to be a placeholder or a non-standard subdomain, the instructions lead the user to official integration interfaces, minimizing risk.\n- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze competitor content from external platforms (Facebook Ads, TikTok, SimilarWeb). This naturally introduces a surface for indirect prompt injection if external advertising content contains malicious instructions.\n - Ingestion points: External ad libraries and competitor social media content via MCP integrations.\n
- Boundary markers: No specific delimiters (like triple backticks or XML tags) are mandated for the external content in the provided prompts.\n
- Capability inventory: The skill is limited to analysis and report generation in Markdown; it does not authorize file system modifications or remote command execution based on the ingested data.\n
- Sanitization: No explicit sanitization or filtering of external content is defined in the instructions.
Audit Metadata