launchfast-ppc-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 2 explicitly calls mcp__launchfast__amazon_keyword_research(asins: [...]) to extract keywords from competitor ASINs (public Amazon listings / LaunchFast data), which means it ingests untrusted third‑party content that is then read and used to decide tiers, bids, and generate the bulk CSV — allowing such content to materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and configure Amazon PPC campaigns: it assigns bids, sets daily budgets, and generates an Amazon Sponsored Products Bulk Operations file that, when uploaded, will create campaigns and apply those budget/bid settings. This is a specific ad-spend management capability (not a generic browser or API caller) intended to allocate advertising budget and thus directly affect financial execution. Therefore it meets the "Direct Financial Execution" criterion (managing ad spend/budgets).