launch-ad-campaign

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and inspects user-provided public landing page URLs and the brand website to verify conversion pixels, landing-page relevance, and ad-to-landing-page message match (see SKILL.md steps on "Landing page" and Steps 3, 7, 11, 13), which requires ingesting arbitrary third-party web content that could carry untrusted instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and launch paid advertising campaigns via connected ad-platform MCP servers and platform APIs. It configures and sets budgets, bid strategies, pacing, and can activate campaigns (launching spend). It includes steps to "Configure bid strategy and budget controls", "Verify budget against brand thresholds", "Execute campaign creation via MCP", and "platform API execution" — i.e., it uses platform APIs to set/update budgets and start campaigns that incur ad spend. Per the rules, managing ad spend budgets via API is considered Direct Financial Execution.