meta-ads
Fail
Audited by Snyk on Mar 13, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and endorses passing the App Secret on the command line (e.g., social auth set-app --app-id YOUR_APP_ID --app-secret YOUR_APP_SECRET), which requires embedding the secret value verbatim in the command and exposes it through process listings, shell history and command logging.
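A check for the W007 pattern, added here as an illustration and not part of Snyk's analysis or the audited skill: a small linter that flags secret-bearing flags whose value is inline in instruction text, plus a helper that keeps a secret out of argv. The flag names, the sample instruction lines and the environment-variable transport are assumptions; social-cli's actual options for supplying a secret are not described on this page. Note the caveat the linter encodes: writing `--app-secret "$META_APP_SECRET"` is not a fix, because the shell expands the variable before exec and the child process still carries the plaintext in its argv (readable via `ps` or /proc/<pid>/cmdline).

```python
import re

# Flags assumed (for illustration) to carry secrets; extend for the CLI audited.
SECRET_FLAGS = ("app-secret", "client-secret", "access-token", "token",
                "api-key", "password")
_INLINE = re.compile(
    r"--(" + "|".join(re.escape(f) for f in SECRET_FLAGS) + r")(?:=|\s+)(\S+)"
)
# Template tokens still count as findings: the text endorses argv as the
# transport for the real value, which is what W007 is about.
_PLACEHOLDER = re.compile(r"^(YOUR_|<|\{\{)|_HERE$", re.IGNORECASE)

# Constructed sample of skill instruction text, modelled on the audited line.
SAMPLE_INSTRUCTIONS = """\
# constructed sample, not the real skill file
social auth set-app --app-id YOUR_APP_ID --app-secret YOUR_APP_SECRET
social auth set-app --app-id 123 --app-secret="$META_APP_SECRET"
social marketing insights --account act_123
"""

def classify_value(value):
    """'env-expansion' for $VAR, 'placeholder' for template tokens, else 'literal'."""
    v = value.strip("\"'")
    if v.startswith("$"):
        # Expanded by the shell before exec: the child still sees plaintext argv.
        return "env-expansion"
    if _PLACEHOLDER.search(v):
        return "placeholder"
    return "literal"

def find_inline_secrets(text):
    """One finding per secret-bearing flag whose value is given inline."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in _INLINE.finditer(line):
            findings.append({"line": lineno, "flag": m.group(1),
                             "kind": classify_value(m.group(2))})
    return findings

def argv_exposes(argv, secret):
    """True if the plaintext secret would be visible in the process argv."""
    return any(secret in a for a in argv)

def build_safe_invocation(base_argv, secret_env_name, secret):
    """Keep the secret out of argv and hand it over only via the child's
    environment. Assumes the target CLI reads it from that variable (an
    assumption; check the CLI's documentation before relying on it)."""
    if argv_exposes(base_argv, secret):
        raise ValueError("secret leaked into argv")
    return list(base_argv), {secret_env_name: secret}

if __name__ == "__main__":
    for f in find_inline_secrets(SAMPLE_INSTRUCTIONS):
        print("line %d: --%s value given inline (%s)" % (f["line"], f["flag"], f["kind"]))
```

Environment variables are still readable by anyone who can read /proc/<pid>/environ of the child (normally only the same user or root), so they are a narrower exposure than argv, not a zero one; a credential file with 0600 permissions or a secret manager is the usual next step.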
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's scripts (scripts/meta-ads.sh) repeatedly call social-cli to fetch ad-level data from Meta (e.g., "social ... marketing insights" in report_daily_check, report_bleeders, report_winners). The agent reads the returned ad names and creative metrics and uses them to drive recommendations and potential actions (pause/resume/shift budget), so untrusted content from the platform can materially influence its behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly wraps social-cli and exposes mutating ad-management commands: pausing/resuming ads and setting adset daily budgets (social marketing pause/resume, social marketing set-budget). The "Shift budget" step and the AI workflow state that the AI will "Increase budget" and "Pause confirmed bleeders" (on approval). Managing ad spend budgets via an API is listed, which matches the "Managing Ad Spend Budgets" criterion for Direct Financial Execution.
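Because the W009 capability spends money, the check worth having in front of set-budget, pause and resume is a policy gate that the agent's recommendation must pass before anything mutating runs: an explicit approval record for increases and pauses, a per-adset ceiling, and a cap on the size of a single step. The following is an added, hypothetical guard and not social-cli's or the skill's own logic; the thresholds, the `ChangeRequest` fields and the `execute` callback are assumptions.

```python
from dataclasses import dataclass

@dataclass
class BudgetPolicy:
    """Illustrative limits; tune per account."""
    max_daily_budget: float = 500.0          # hard ceiling per adset (account currency)
    max_increase_pct: float = 25.0           # largest single-step increase
    approval_required: tuple = ("increase", "pause")  # actions that need a human

@dataclass
class ChangeRequest:
    adset_id: str
    action: str                 # "increase" | "decrease" | "pause" | "resume"
    current_daily: float
    requested_daily: float = 0.0
    approved_by: str = ""       # empty means no human approval was recorded

def evaluate(req, policy):
    """Return (allowed, reason); refuse anything the policy does not permit."""
    if req.action in policy.approval_required and not req.approved_by:
        return False, "approval required for %s" % req.action
    if req.action == "increase":
        if req.current_daily <= 0:
            return False, "current budget unknown, refusing to size an increase"
        if req.requested_daily <= req.current_daily:
            return False, "increase must raise the budget"
        if req.requested_daily > policy.max_daily_budget:
            return False, "exceeds ceiling %.2f" % policy.max_daily_budget
        pct = (req.requested_daily - req.current_daily) / req.current_daily * 100
        if pct > policy.max_increase_pct:
            return False, "increase of %.1f%% exceeds %.1f%%" % (pct, policy.max_increase_pct)
    elif req.action == "decrease":
        if not 0 < req.requested_daily < req.current_daily:
            return False, "decrease must lower the budget to a positive value"
    elif req.action not in ("pause", "resume"):
        return False, "unknown action %r" % req.action
    return True, "ok"

def apply_changes(requests, policy, execute):
    """Gate every request and keep an audit trail. `execute` is the caller's
    wrapper around the real mutating command (assumed, not shown here)."""
    log = []
    for req in requests:
        allowed, reason = evaluate(req, policy)
        if allowed:
            execute(req)
        log.append((req.adset_id, req.action, allowed, reason))
    return log

if __name__ == "__main__":
    policy = BudgetPolicy()
    batch = [
        ChangeRequest("s1", "increase", 100.0, 120.0),                 # no approval
        ChangeRequest("s1", "increase", 100.0, 120.0, "ops@example"),  # ok
        ChangeRequest("s2", "pause", 50.0, approved_by="ops@example"), # ok
    ]
    for entry in apply_changes(batch, policy, lambda r: print("executing", r)):
        print(entry)
```

The gate is deliberately dumb: it does not know why the agent wants the change, only whether a human signed off and whether the numbers stay inside bounds, which is exactly the property that makes it robust to a recommendation influenced by untrusted content.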
Issues (3)
W007 HIGH: Insecure credential handling detected in skill instructions.
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata