paid-ads
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions specify that the agent should read from .claude/product-marketing-context.md if it exists. This ingestion of external data creates a surface for indirect prompt injection where instructions hidden in the context file could influence the agent's behavior.
- Ingestion points: The local file .claude/product-marketing-context.md is accessed at the start of the task to gather campaign context.
- Boundary markers: The skill does not provide any specific delimiters or instructions for the agent to ignore potentially malicious commands embedded within the context file.
- Capability inventory: The skill is intended to be used with tools for high-impact advertising platforms such as Google Ads, Meta Ads, and LinkedIn Ads, which could be misconfigured if the agent follows injected instructions.
- Sanitization: No sanitization or validation logic is specified for the information ingested from the context file.
Audit Metadata