google-ads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Browser Automation Mode explicitly directs the agent to navigate to and snapshot pages on ads.google.com (see SKILL.md "Browser Automation Mode" and references/browser-workflows.md), ingesting external, user-generated ad account content which the agent parses and uses to drive actions (e.g., pausing campaigns), so untrusted third‑party content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built to manage Google Ads accounts and includes concrete, non-generic controls to change live ad state. It exposes the Google Ads API (google-ads Python SDK) with example mutate operations (e.g., mutate_ad_group_criteria to set status=PAUSED) and a browser-automation workflow that instructs clicking "Edit" → "Pause" for campaigns/keywords. These are direct actions that modify ad delivery/spend (i.e., execute changes that affect money being spent). Although it doesn't show a literal "update budget" API call, the provided API mutation examples and browser steps are specific, actionable financial-control operations against ad accounts (not generic automation). Therefore this skill grants direct financial execution capability for ad spend.