ad-upload

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs using and embedding FACEBOOK_ACCESS_TOKEN (and shows curl/JSON examples with access_token) and explicitly says dry-run should show the "exact JSON payload" that would be sent, which would require the LLM to output secret token values verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly calls Facebook's Graph API (e.g., curl to /adimages, /adcreatives, and /{AD_ID}?fields=creative{...}) and reads asset_feed_spec/creative fields and image info from Facebook as part of its upload/update workflow, which is third‑party social content that can influence subsequent API actions.