adcp-media-buy
Warn
Audited by Snyk on May 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly says the agent "resolves the domain to retrieve the brand's identity (name, colors, guidelines, etc.) from its brand.json file" on the brand's domain and uses external format definitions via format_id.agent_url (e.g., https://creative.adcontextprotocol.org), indicating it fetches and interprets content from arbitrary third‑party URLs which can influence campaign decisions and tool behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly says the agent "resolves the domain to retrieve the brand's identity ... from its
brand.jsonfile" (e.g., fetching https://acmecorp.com/brand.json), which would be fetched at runtime and injected into the agent's context/prompts.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and manage media-buy (advertising purchase) operations. It exposes create_media_buy (with package budget, bid_price, pricing_option_id) and update_media_buy (with budget_change and status updates), which are direct APIs for setting and changing ad spend and submitting purchases. The presence of budget fields, bid prices, and asynchronous purchase/approval semantics (status, task_id) — plus instructions for real vs. dry-run/sandbox modes — indicates this tool's primary purpose is to execute financial ad buys rather than merely view inventory. Therefore it grants direct financial execution authority for ad spend.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata