facebook-ads-library-mcp-server

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Although many links are benign placeholders or official (Google AI Studio), the presence of an unknown GitHub repo plus third‑party services and explicit instructions to clone/run installer scripts (execute code from unverified sources) makes this a moderate-to-high risk for malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents fetching ads from Facebook's public Ads Library (via the ScrapeCreators API) and returning ad_creative_body, ad_snapshot_url, images, and videos which the agent is instructed to read and analyze (e.g., get_meta_ads -> analyze_ad_video/analyze_ad_image workflows), so untrusted third‑party content from public web sources is ingested and can influence agent decisions.