Security risk report for @forgecat/msitarzewski_agency-agents_agency-paid-media v0.0.11
Source Integrity
Low
Profile sourced from public GitHub repository (msitarzewski/agency-agents) with MIT license and clear attribution.
Original commit hash and repository URL provided for transparency and auditability.
Agent Intent
Low
Content describes legitimate paid media marketing expertise across Google Ads, Meta, LinkedIn, and programmatic platforms — no prompt injection, role hijacking, or instruction to read/exfiltrate credentials.
No guidance poisoning detected; recommendations for tools (WebFetch, WebSearch, Read, Write, Edit, Bash) and API integrations are standard for marketing automation and align with stated agent purpose.
No instructions to hide system prompts, reveal tool definitions, or transmit conversation memory to external destinations.
All agent descriptions focus on marketing domain expertise: 'Comprehensive paid media auditor', 'Ad Creative Strategist', 'Paid Social Strategist', etc.
Tool recommendations are contextual to paid media work: 'When Google Ads MCP tools or API integrations are available, use them to pull campaign settings, keyword quality scores, conversion configurations' — this is legitimate API usage guidance, not exfiltration.
No language instructing the agent to bypass its own constraints or ignore user instructions.
Permissions
Low
Declared tools (WebFetch, WebSearch, Read, Write, Edit, Bash) are appropriate for a marketing analysis agent that needs to research competitor ads, analyze account data, and generate reports.
Tool usage is scoped to stated functions: WebFetch for competitor research and platform documentation, Bash for data processing and analysis workflows, Write/Edit for report generation.
No indication of alwaysApply=true rules with overly broad globs or high-risk categories (shell_execute, file_delete, file_mutate) applied indiscriminately.
Details
Evidence
Bash usage described in context of 'automated data extraction', 'running the 200+ checkpoint assessment', and 'Google Ads API and Scripts for automation' — legitimate marketing automation.
Read/Write/Edit tools used for 'pulling campaign settings', 'generating audit reports', and 'creating asset group content' — aligned with agent purpose.
No evidence of permission escalation or authority beyond marketing analysis and reporting.
MCP Risk
Low
No MCP servers declared in profile; no hidden instructions in tool descriptions or server definitions.
References to 'Google Ads MCP tools' and 'API integrations' are conditional ('when available') and describe legitimate use cases (pulling campaign data, deploying optimizations) without arbitrary binary execution or unrestricted access.
No unknown/untrusted binaries or full filesystem/network access requested.
Details
Evidence
Profile states '(none)' for MCP servers.
Conditional API usage language: 'When Google Ads MCP tools or API integrations are available in your environment, use them to...' — indicates optional, scoped integration, not mandatory unrestricted access.
All tool descriptions reference well-known platforms (Google Ads, Meta, LinkedIn, GA4, GTM) with standard API patterns.