The Agent Skills Directory

[SAFE]: The skill's operations are consistent with its stated purpose of auditing Google Ads. It uses standard methods for data acquisition and local file management without attempting unauthorized actions.
[PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted content from external landing pages. Ingestion points: Content is retrieved from landing page URLs using the web_fetch and browser tools as defined in SKILL.md. Boundary markers: The instructions lack specific delimiters or warnings to the agent to disregard instructions found within the fetched web content. Capability inventory: The agent has the capability to write findings and draft reports to the workspace/ads/ directory. Sanitization: There is no evidence of input validation or escaping for the data fetched from external web pages before it is processed into reports.

google-ads-landing-review