google-ads-negatives
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a local shell script at
scripts/negative-inventory.shto verify existing negative keyword inventory. - [PROMPT_INJECTION]: The skill processes untrusted external data (Google Ads search terms), creating an indirect prompt injection surface.
- Ingestion points: Untrusted search term data enters the agent context via the
google-ads-mcpsearch tool (specifically from thesearch_term_view.search_termfield). - Boundary markers: The prompt lacks explicit delimiters or instructions to treat the search term data as untrusted or to ignore embedded instructions within that data.
- Capability inventory: The agent has capabilities to write to the
workspace/directory, update workspace memory files, and execute thescripts/negative-inventory.shshell script. - Sanitization: No sanitization or filtering logic is specified for the search term data before it is processed by the agent.
Audit Metadata