meta-ads-control
Warn
Audited by Snyk on Mar 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill makes live requests to the Meta Graph API (graph.facebook.com) and can fetch arbitrary Graph paths or full URLs (see scripts/meta_ads.py MetaApiClient.request and the "request", "targeting-search", "insights", "get", "list", and "batch" commands). It ingests user-generated / third-party ad, page, and targeting data that the agent is explicitly instructed to read and use to build targeting specs and actions (see SKILL.md and WORKFLOWS.md), so untrusted third-party content can materially influence subsequent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly built to interact with the Meta Marketing API and includes commands and examples that create and modify campaigns/ad sets/ads and their budgets (fields like daily_budget and lifetime_budget). It provides concrete subcommands for update/create and a step-by-step "Increase a budget safely" flow (dry-run, confirm, apply) and requires a live META_ACCESS_TOKEN for real API calls. These are direct controls over ad spend and delivery (i.e., moving/allocating money via the ads platform), not merely generic browsing or reporting. This matches the listed Direct Financial Execution category "Managing Ad Spend Budgets" (API to update the budget).
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata