meta-ads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third‑party content — e.g., campaign/scripts/lp_analyzer.py scrapes arbitrary landing page URLs, campaign/scripts/ad_library.py pulls/scrapes the Meta Ad Library (and generates web research prompts), and campaign/references/stage-prompts.md (Stage 4) tells the sub-agent to use web_search/web_fetch on Reddit, forums and review sites — and those findings are written to market-research.md / customer-profile.md and fed into downstream stages (strategy, creative generation, uploads), so untrusted external content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill launches Claude/Opus sub-agents (campaign/references/stage-prompts.md and ad_library.py) that instruct the model to run web_search/web_fetch against external sites (e.g., reddit / site:facebook.com/ads/library / site:adspy.com) at runtime and inject those fetched pages/quotes into the agent's context (market-research.md / competitor-ads.md), so external URLs like site:facebook.com/ads/library and reddit.com are used at runtime to directly control prompts and outputs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates with the Meta (Facebook) Graph API requiring permissions such as ads_management and includes scripts and functionality that modify live campaigns: auto_optimize.py ("auto-pause bleeders, shift budget to winners"), ad_uploader.py / upload_to_meta.py ("Upload to Meta Ads Manager"), and a Meta Graph API wrapper (meta_api.py). Those components indicate the skill programmatically updates ad campaigns and budgets (i.e., manages ad spend) via the Meta Ads API, which is a specific financial-execution capability per the policy (Managing Ad Spend Budgets via API). Other integrations (Genviral image generation) are non-financial and irrelevant to this decision.