21-audit-ads-performance

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for auditing advertising account configurations and performance metrics (Meta, TikTok, Google, Zalo). All instructions are aligned with this stated purpose.
  • [DATA_EXPOSURE]: The skill requests that the user provide performance data (Spend, CPM, CTR, ROAS) or use Model Context Protocol (MCP) integrations to retrieve it. This behavior is expected for an auditing tool and does not involve unauthorized exfiltration of sensitive system files or credentials.
  • [EXTERNAL_DOWNLOADS]: The skill references several external MCP servers for data retrieval, including official sources (Meta Official MCP at mcp.facebook.com/ads) and third-party tools (Pipeboard, Adspirer). These references are documented as options for the user to connect to their own ad accounts and do not execute untrusted remote code autonomously.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it processes external data (campaign names, ad text, performance stats). While a malicious actor could embed instructions in ad campaign metadata, the skill primarily outputs markdown reports, which limits the risk of automatic execution. Standard safeguards are recommended for data ingestion.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 09:26 AM