adspirer-ads-agent

Warn

Audited by Snyk on Feb 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly accepts and downloads arbitrary public URLs (Google Drive, S3, Dropbox or "any public URL") for creative assets and then validates/uploads those assets as part of campaign creation, which clearly ingests untrusted third‑party content into the agent's workflow and can materially affect subsequent campaign actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly connects to ad platform APIs and includes actions that modify ad spend: create campaigns, update_campaign/update_meta_campaign, optimize_budget_allocation/optimize_meta_budget/optimize_linkedin_budget, update_bid_strategy, pause/resume campaigns, and other write operations that change budgets and bidding. Managing ad budgets via platform APIs is specifically listed (not just read-only or generic automation). Although it includes safety rules requiring confirmation, the presence of explicit budget-update and campaign-management APIs constitutes Direct Financial Execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 04:23 PM