ai-marketing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires ingesting and analyzing user-generated third‑party content (e.g., "Export all comments from posts and ads" and "Inputs: Xiaohongshu trending page data" in the Sentiment Analysis and Trend Prediction sections) and then uses those analyses to drive recommendations and automated actions (optimization, personalization, bidding), which creates a clear vector for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly describes automated ad bidding and budget management: "Budget: Daily amount with AI optimization", "Budget reallocation based on performance", "AI adjusts bids to hit target cost per acquisition", "AI automatically maximizes conversions for budget", "Allocate budget to top combinations", "Budget pacing and allocation" and recommendations to integrate with ad platforms and enable AI features on Xiaohongshu native ads. Those are explicit instructions for programmatically changing ad bids/budgets (i.e., managing ad spend), which counts as Direct Financial Execution per the core rule (managing ad spend budgets via API/automation). While it does not mention payment gateways or banking APIs, the automated bidding/budget-reallocation functionality is a specific financial execution capability.