gentic-meta

Warn

Audited by Snyk on Apr 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and displays user-generated social media content via the Meta Graph API (e.g., fetch_meta_ad_creatives returns ad copy, images, and videos from Facebook/Instagram pages, and get_meta_pages/export_meta_report also surface third-party page/report content; upload_meta_image/upload_meta_video accept public URLs), so the agent ingests untrusted third-party content that could influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly exposes Meta Ads API actions that create and configure campaigns, ad sets, and ads with budget fields (e.g., create_meta_campaign with daily_budget/CBO, create_meta_adset with daily_budget, budgets specified in cents, billing_event, etc.). These are specific ad-spend management operations that can allocate/update advertising budgets (i.e., directly affect spend). This matches the "Managing Ad Spend Budgets" criterion for Direct Financial Execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 05:35 PM
Issues: 2