metaads
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). Suspicious: the skill instructs fetching and executing a third-party shell installer (https://astral.sh/uv/install.sh) via curl | sh, a high-risk pattern for malware distribution (the yoursite.com link is just a landing page and not a direct download).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). This skill directly calls the Meta Graph API (graph.facebook.com) from tools/Analytics.py and tools/Publish.py to fetch campaign/ad/insight data and creative text/images (e.g., get_account_insights, get_campaigns_insights, publish_from_config), so it consumes social-media/user-generated content from a third-party service which the agent reads and analyzes at runtime.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for creating, publishing, and managing Meta ad campaigns via the Marketing API and includes fields and scripts to set and modify ad budgets (e.g., daily_budget in cents), publish campaigns, scale/increase budgets, and activate/resume campaigns. It provides a Publish.py tool to create campaigns and upload assets and workflows that perform token-authenticated API operations against a paid ad account (META_ADS_ACCOUNT_ID, META_ADS_ACCESS_TOKEN). This is direct control over ad spend (ability to set/update budgets and launch/activate campaigns), which qualifies as Direct Financial Execution under the "Managing Ad Spend Budgets" rule.
Audit Metadata