adcp-signals

The specification itself is not executable code and contains no explicit malicious routines, but it allows high-risk behaviors if implemented directly as written. Primary risks: outbound calls to caller-supplied agent_url endpoints (data exfiltration / credential harvesting), underspecified authentication/authorization for platform actions, and lack of secure webhook verification for async activation. Recommendations: require allowlisting/verified agent endpoints (or mutual TLS), mandate standardized OAuth/token flows and avoid forwarding raw credentials, enforce webhook signing and verification, require RBAC/explicit operator confirmation for activation operations with potential billing impact, log and encrypt activation keys with strict retention policies, and validate/normalize all user-provided URLs and account identifiers. With these mitigations, the protocol can be used safely for its intended ad-targeting orchestration purpose.