ops-marketing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly scans for and prints environment/Doppler/Keychain entries (e.g., printenv, security -w, doppler secrets --plain) and requires presenting "ALL findings" and prompting for missing API keys which will be embedded into curl/CLI flows, meaning secrets can be output verbatim and thus exposed — high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly fetches and ingests untrusted, user-generated third‑party data (e.g., Meta/Instagram Graph API media and insights, Google Search Console queries/pages, Google Ads search terms and metrics, and arbitrary image/video URLs) and then uses that data in workflows that create/pause campaigns, set rules, compute optimizations, and recommend budget reallocations (see the meta-manage, instagram, seo/gsc, google-ads, campaigns, optimize, and attribution sections), so third‑party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates with advertising/payment-related APIs (Meta Graph API, Google Ads API) and provides commands that create and modify live ad spend and budgets. Examples: Meta "create-campaign" and "advantage" POSTs include daily_budget; meta "rules" can create automation with execution_spec that INCREASE_BUDGET; meta "creative" and "ads" endpoints create ads/adcreatives. Google Ads section performs campaignBudgets:mutate and campaign campaigns:mutate calls, supports "create campaign", "adjust budget", "enable/pause campaign", and updates campaignBudget.amountMicros via the API. These are specific, purpose-built operations to change advertising budgets and create/enable campaigns (i.e., directly affect spend). Under the CORE RULE this is Direct Financial Execution (managing ad spend budgets via API).