Skills
skills/nowork-studio/toprank/google-ads-landing/Gen Agent Trust Hub

google-ads-landing

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted HTML and text data from external landing pages via the WebFetch tool.
  • Ingestion points: Fetched landing page content from user-supplied or discovered URLs in Phase 2.
  • Boundary markers: Not explicitly defined; the instructions do not specify delimiters to isolate external content from the agent's instructions.
  • Capability inventory: The skill utilizes runScript for Google Ads Query Language (GAQL) operations and WebFetch for external network requests.
  • Sanitization: No specific filtering or escaping is mentioned for the ingested HTML content before processing.
  • [EXTERNAL_DOWNLOADS]: The skill fetches diagnostic data from the official Google PageSpeed Insights API (googleapis.com). This uses a well-known service for its intended analytical purpose and is considered safe.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads and writes to local files including business-context.json and landing-page-history.json. These operations are transparently described as necessary for retrieving business goals and maintaining an audit trail.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 09:15 PM