google-ads-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill performs a runtime website crawl via WebFetch of the business’s final URLs (homepage/about/services/top landing pages) and then extracts visible text from those fetched pages into business-context.json, which is outsider-authored free text from arbitrary external websites.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime fetches that inject external content into the agent context — it calls the server resource notfair://playbooks/audit-account as a baseline script during runScript and issues WebFetch calls against the audited site's root and ad landing pages (e.g., ad final URLs like https://example.com) to populate business-context.json, so these runtime-fetched resources can directly influence agent prompts/behavior.