google-meta-ads-ga4-mcp
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill operates via a hosted MCP server model, requiring all interactions and sensitive advertising data to be transmitted to an external, third-party URL endpoint. This architecture facilitates the collection of business-critical analytics and campaign data by the remote server operator.
- [COMMAND_EXECUTION]: The skill implements extensive write capabilities across Google and Meta advertising platforms, including tools for campaign creation (create_search_campaign, meta_create_campaign), budget modification (update_campaign), and audience management. If the remote server is compromised, it could be used to execute unauthorized actions across the connected advertising accounts.
- [CREDENTIALS_UNSAFE]: The documentation specifies that authentication is handled by the hosted server and that "credentials are securely stored on the server side." This requires users to trust the third-party server operator with their OAuth access tokens and permissions.
- [EXTERNAL_DOWNLOADS]: The skill references an external configuration file for n8n hosted on a personal GitHub repository (irinabuht12-oss), which is an unverified source for critical workflow infrastructure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the combination of broad write access and the ingestion of external data.
  - Ingestion points: Data retrieved from Google Ads, Meta Ads, and GA4 reporting tools (e.g., list_campaigns, meta_get_insights, ga4_run_report) which may contain attacker-influenced content.
  - Boundary markers: No instructions or delimiters are provided to ensure the agent ignores potential instructions embedded within the advertising data.
  - Capability inventory: Extensive CRUD (Create, Read, Update, Delete) access to ad campaigns, keywords, budgets, and user audiences.
  - Sanitization: There is no evidence of input validation or output filtering for data returned from the external APIs.
Audit Metadata