meta-ads-audit
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes WebFetch and WebSearch to retrieve content from the user's business website and check for updates to Meta platform policies.
- [COMMAND_EXECUTION]: The instructions direct the agent to generate and execute scripts through the platform's runScript tool to aggregate and process large volumes of data from the Meta Ads API.
- [PROMPT_INJECTION]: The skill processes untrusted content from the Meta Ads API (such as ad headlines and copy) and external web pages during its analysis, creating an indirect prompt injection surface. 1. Ingestion points: Meta Ads API query results (Phase 1) and WebFetch crawl data from the business homepage and landing pages (Phase 4). 2. Boundary markers: No explicit delimiters or instructions are provided to the agent to isolate external data from the system prompt. 3. Capability inventory: The skill writes persistent business context and personas to the local filesystem and generates summaries for the user. 4. Sanitization: No specific validation or filtering steps are described for the ingested external content before processing.
- [NO_CODE]: The skill consists entirely of markdown instructions and reference documentation without any bundled scripts or binary files.
Audit Metadata