Warn
Audited by Snyk on Mar 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly shows commands that fetch and analyze public websites and external services (e.g., "/dm:seo-audit https://example.com" in the Example Prompts and competitor/social analysis), indicating the agent ingests untrusted third-party web/social content which can influence its analysis and subsequent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes ad-execution commands and budget management features. It lists commands such as /dm:launch-ad-campaign, /dm:budget-optimizer, and /dm:budget-tracker, and the platform notes that "launch-ad-campaign" is a write-capable operation that performs actions on external platforms (subject to the MCP write approval hook). Those items indicate the skill can actively launch campaigns and modify ad configurations (including budgets) on connected ad platforms — which fits the "Managing Ad Spend Budgets" criterion for direct financial execution. There are no payment gateways, crypto, banking, or market-order APIs mentioned, but the presence of ad-budget update/launch capabilities is sufficient to flag a direct financial execution risk.
Audit Metadata