Trust Assessment
google-ads received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Google Ads API credential exposure, Broad browser automation permissions.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. The llm_behavioral_safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Google Ads API credential exposure The skill's 'API Mode Setup Check' explicitly includes a `cat ~/.google-ads.yaml` command. If an agent executes this command as part of its operation, it will directly expose the user's Google Ads API credentials (developer tokens, OAuth secrets, etc.) from their home directory. This sensitive information could then be inadvertently included in the agent's response or logs, leading to a critical data exfiltration and credential harvesting vulnerability. Remove the `cat ~/.google-ads.yaml` command. Instead of directly reading the configuration file, the agent should rely on the `google-ads` SDK's `load_from_storage()` method and handle exceptions to determine if the configuration is present and valid, without exposing its contents. If a check for file existence is needed, use `ls` or `test -f` without printing the file's content. | Unknown | SKILL.md:52 | |
| HIGH | Broad browser automation permissions The skill describes workflows requiring the agent to use a `browser` tool with `profile="chrome"`. This implies the agent will have extensive access to the user's active browser session, including logged-in accounts on sensitive websites like `ads.google.com`. This level of access grants the agent significant control over the user's browser, enabling actions such as navigating, interacting with UI elements, and potentially downloading files. Such broad permissions pose a high risk for unauthorized actions, data exfiltration, or session hijacking if the agent's instructions are compromised or if the agent misinterprets user intent. Implement strict sandboxing or domain restrictions for the `browser` tool. Ensure that the agent's interaction with the browser is always explicit, transparent to the user, and requires clear user consent for sensitive actions. Consider using a dedicated, isolated browser profile or a headless browser environment for agent interactions to prevent interference with the user's primary browsing session and to limit access to sensitive cookies/sessions. | Unknown | SKILL.md:28 |
Scan History
Embed Code
[](https://skillshield.io/report/d824fa3c2d499dca)
Powered by SkillShield