03-performance-eval-global
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through its data ingestion and processing workflows.
- Ingestion points: The skill ingests untrusted data from user inputs (KPIs, issue descriptions) and automated data pulls from external advertising platforms (Meta, Google, TikTok) via MCP servers like
mcp.facebook.com/adsandAdspirer ads-mcp. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between the skill's core instructions and the external marketing data it processes, nor are there warnings to ignore potential instructions embedded within the data.
- Capability inventory: The skill utilizes specialized tools to access advertising insights (e.g.,
ads_insights_performance_trend,ads_insights_anomaly_signal) and read context from.agents/product-marketing-context-global.md. - Sanitization: The instructions do not specify any validation, filtering, or sanitization of the data retrieved from external platforms before it is used to generate diagnostic scores and action plans.
Audit Metadata