facebook-marketing
Warn
Audited by Snyk on Mar 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call the Facebook Graph API (e.g., GET /{pageId}/insights, POST /{pageId}/feed, GET /me/accounts and fetching photos via public URLs) to ingest page/post/group data and insights from Facebook — user-generated, public social-media content that the agent is expected to read and that can materially influence posting, moderation, or ad decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes the Facebook Ads Marketing API and shows steps to create campaigns/ad sets/ads, including references to budget fields (mentions "Then create Ad Set (targeting + budget)" and "Use daily_budget in cents (2000 = $20/day)"). That is a specific API capability to set and manage ad spend (i.e., update budgets/launch campaigns), which qualifies as direct financial execution. While no payment gateway or crypto APIs are present, the Ads Manager budget controls meet the "Managing Ad Spend Budgets" criterion.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).