Back to skill

Security audit

Google Ads

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for Google Ads work, but it gives an agent sensitive account access and live campaign-changing workflows without enough guardrails.

Review this skill carefully before installing. Only use it with a Google Ads account where the agent is allowed to view reports and make changes, avoid printing credential files into chat or logs, and require explicit confirmation before any budget, pause, keyword, export, download, Google Sheets, or email-scheduling action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is very broad and overlaps with ordinary requests to check performance, optimize campaigns, or audit ads accounts, making it easy for an agent to invoke this skill in situations the user did not explicitly intend. Because the skill supports both browser automation and API-driven account changes, over-broad routing increases the chance of unintended access to sensitive advertising data or unintended modifications such as pausing campaigns.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The browser workflow instructs the agent to download reports directly to the user's Downloads folder without an explicit warning or confirmation about writing files locally. In a sensitive context like ad account management, this can create unnoticed local artifacts containing campaign, spend, keyword, and conversion data, increasing privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation includes ready-to-run mutation examples that pause campaigns, pause keywords, and update budgets, but it does not explicitly warn that these actions change live ad account state and can disrupt spend, delivery, and business operations. In the context of an agent skill designed to optimize Google Ads accounts, omission of confirmation/preview guidance increases the chance of accidental destructive actions by users or downstream agents.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow instructs users to export Google Ads reports to CSV, XLSX, or Google Sheets and to schedule reports to email recipients, but it does not warn that these actions create local copies or transmit potentially sensitive performance and account data externally. In a browser automation skill, omission of data-handling warnings increases the chance of unintentional data exfiltration, especially when users may assume actions are limited to in-product analysis.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.