Skills
skills/nowork-studio/toprank/ads-landing/Gen Agent Trust Hub

ads-landing

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes GAQL queries through the runScript tool to access Google Ads account data, such as ad group performance and conversion metrics.\n- [DATA_EXFILTRATION]: The skill uses WebFetch to connect to external landing page URLs and the Google PageSpeed Insights API. While the API call targets a well-known and trusted service, the fetching of arbitrary landing pages constitutes network activity to non-whitelisted domains.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface as it retrieves and interprets untrusted HTML content from external sources.\n
  • Ingestion points: External HTML content is ingested via WebFetch in Phase 2 of the skill execution.\n
  • Boundary markers: There are no explicit markers or instructions provided to delimit or ignore instructions that may be embedded within the external content.\n
  • Capability inventory: The agent can execute Ads API queries (runScript), perform network fetches (WebFetch), and record data to local history files.\n
  • Sanitization: No specific logic is defined to sanitize or filter the fetched HTML text before the agent processes it to identify headlines and call-to-action details.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 07:51 AM