adcp-creative

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch external resources—e.g., resolving brand.domain to retrieve a brand.json and ingesting arbitrary asset URLs and agent_url endpoints in the "Creative Manifests" and "Brand identity" sections—so it will read and act on untrusted third-party web content that can influence generation and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires and routes runtime operations to the creative agent at https://creative.adcontextprotocol.org (specified as the required target_format_id.agent_url), which the system calls to obtain format specs and drive generation—i.e., remote content from that URL directly controls the agent's generation prompts/instructions.