Skills
skills/nowork-studio/toprank/meta-ads-audit/Gen Agent Trust Hub

meta-ads-audit

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites to derive business context and customer personas. Malicious instructions on a crawled website could influence agent behavior.
  • Ingestion points: WebFetch calls in references/business-context.md and references/persona-discovery.md that crawl the homepage, about page, and landing pages.
  • Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted or to use delimiters.
  • Capability inventory: The skill has access to the Meta Ads API, file system writes to {data_dir}, and the runScript tool for logic execution.
  • Sanitization: Absent; the skill directly extracts and merges content from website crawls into persistent JSON configuration files.
  • [COMMAND_EXECUTION]: The skill utilizes dynamic script generation and execution patterns. In Phase 1, it instructs the agent to use the runScript tool to dynamically construct and execute logic for querying and aggregating data from the Meta Ads API. While used for data analysis, building and running code at runtime represents a surface for injection if external data (such as campaign names) is not properly handled.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 06:43 AM