google-ads
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from Google Ads reports, such as search terms and campaign names, into the agent's active context (documented in references/daily-ads-operator.md and references/search-term-triage.md). There are no specific instructions for boundary markers or input sanitization to prevent malicious content within these reports from influencing the agent's behavior. The agent has powerful capabilities, including modifying campaign settings and writing to the local file system (SKILL.md, references/change-tracking.md).
- [COMMAND_EXECUTION]: The skill uses a runScript tool to execute sandboxed JavaScript for complex data correlation and summarization tasks involving GAQL results, as described in SKILL.md.
- [SAFE]: The skill includes instructions in references/change-tracking.md for users to manually configure a session-start hook in their platform settings. This hook is designed to trigger a local reminder utility for reviewing changes. This is a documented, user-initiated configuration for workflow management rather than a hidden persistence mechanism.
Audit Metadata