ai-marketing-skills-tom-babb

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). The “Knowledge Scrape to Content Workflow” explicitly scrapes outsider-authored free text from public sources (e.g., Reddit submissions’ selftext and comments, plus YouTube comments/forums) at runtime and then instructs the LLM to synthesize it into a content brief by pasting the scraped pain points into the prompt.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill collection explicitly includes paid-advertising workflows and names integrations that can modify ad accounts: "Paid Advertising: Google Ads campaign generation workflows", "Google Ads API: Campaign management", and "Pipeboard: Direct integration to ad platforms". These are specific tools for managing ad campaigns and ad spend (including budgets), which constitutes direct financial execution authority per the policy (managing ad spend/budgets via APIs).

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 08:33 PM
Issues
2
Security Audit — snyk — ai-marketing-skills-tom-babb