adcp-media-buy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly resolves arbitrary brand domains to fetch a brand.json ("Key Concepts: Brand identity") and accepts format_id.agent_url and creative asset URLs in sync_creatives, meaning it fetches and interprets content from external/untrusted web locations which can influence validation, format handling, and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and manage advertising purchases: it exposes create_media_buy (with package-level "budget", "bid_price", pricing_option_id), and update_media_buy (with "budget_change") as core operations. Those are APIs to place media-buy orders and to modify ad spend/budgets (and responses include statuses indicating execution). Managing ad spend via these specific endpoints meets the "Direct Financial Execution" criterion.