account-based-marketing-agent

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly ingests and acts on public third‑party content — e.g., LinkedIn Sales Navigator results (linkedin_api.search_people), third‑party intent providers like Bombora/G2/TrustRadius, job boards, and technographic sources (BuiltWith/HG Insights) — which are untrusted/user-generated and are read and used by the agent for buying‑committee discovery and intent scoring.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly defines budgeted spend and automated budget changes. It includes per-account/ad budgets (e.g., "$500/account", annual budgets) and an automation rule action "increase_ad_spend_2x" under intent_spike_response. The integration notes advertising orchestration as a capability. While it does not name payment gateways, it does explicitly specify automated modification of ad spend/budgets — which falls under "Managing Ad Spend Budgets" (the criterion for direct financial execution).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:59 AM