adcp-creative

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from arbitrary third-party URLs — e.g., asset "url" fields in creative_manifest (like https://cdn.example.com/banner.png) and the "brand" domain resolution to retrieve a brand.json as described in the "Brand identity" section — and the agent is expected to read and use that content to guide creative generation/transformations, so untrusted content could influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires contacting the creative agent at https://creative.adcontextprotocol.org at runtime (the required agent_url in format_id) and resolves domains to fetch a brand.json, meaning remotely served content can directly control generation instructions and format behavior.