google-ads-strategy

Warn

Audited by Snyk on Apr 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (see 2-keyword-mining.md "External (use at launch)") explicitly directs the agent to mine and use content from public, user-generated review sites (G2, Capterra, Product Hunt, App Store) and competitor landing pages/ads/Google autosuggest as part of keyword discovery, meaning untrusted third-party content is fetched and interpreted to drive decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for end-to-end Google Search Ads operations including "setup to ongoing optimization" and reaches an "execution" phase (keyword uploads, campaign creation, ad publishing). It instructs the agent to check for and use an AdKit CLI that "automates campaign operations" (i.e., performs changes in the Google Ads account). Those automated campaign operations inherently include modifying campaign settings and budgets (directly affecting ad spend). This is a specific advertising execution capability (not generic browser automation or a generic HTTP caller), so it meets the "manage ad spend budgets / execute campaigns" criterion for direct financial execution risk.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 25, 2026, 01:26 AM
Issues: 2