meta-ads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and act on data from Meta's public Graph API (e.g., calls to "https://graph.facebook.com/v22.0/{ad-account-id}/..." for accounts, campaigns, ads, and insights), which are untrusted third‑party API responses that the agent reads and uses to make decisions (create/update/pause campaigns), so it could be influenced by indirect prompt-injection via returned content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a specialized Meta Ads (Facebook/Instagram) marketing API integration that explicitly includes endpoints and examples to create and update campaigns and ad sets with monetary fields (daily_budget, lifetime_budget, bid_amount), to read account balance/spend_cap, and to retrieve/affect spend-related metrics. The documentation shows POST/DELETE requests that modify campaigns/ad sets (including budgets), which is exactly the API-level capability to manage ad spend (i.e., update budgets and trigger ad delivery/charges). This is a specific financial execution capability (managing ad spend/budgets), not a generic tool, so it meets the "Direct Financial Execution" criteria.