snapchat-marketing
Warn
Audited by Snyk on Mar 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch data from the Snapchat Marketing API (e.g., via "membrane action run" and the "Proxy requests" section showing "membrane request CONNECTION_ID /path/to/endpoint"), which exposes the agent to third-party social-media/user-generated content that it will read and could influence subsequent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a dedicated Snapchat Marketing integration and explicitly surfaces advertising controls such as "Campaign Budget" and "Bidding." It provides Membrane CLI actions and a proxy to the Snapchat Marketing API (with guidance on running actions and sending requests), which would allow the agent to call endpoints that update campaign budgets, adjust bids, and otherwise manage ad spend. Managing/updating ad spend (campaign budgets/bidding) is specifically listed in the Core Rule as a Direct Financial Execution capability, and this skill is specifically designed to operate on that advertising spend data rather than being a generic tool. Therefore it qualifies as having direct financial execution authority.
Issues (2)
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).