ads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and extracts content from public websites via the required "/ads dna " brand‑extraction step (and can pull existing ads from Meta Ad Library / Google Ads Transparency), and that untrusted third‑party content is consumed to build brand-profile.json which is injected into image-generation prompts and campaign/copy generation—directly influencing subsequent agent actions.