google-meta-ads-ga4-mcp

Warn

Audited by Snyk on May 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). This skill requires connecting at runtime to a hosted MCP server via the configured endpoint (YOUR_MCP_ENDPOINT_URL), and that remote URL is a required runtime dependency that supplies tools/responses which can directly control the agent's prompts/behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides read-write ad platform APIs that create and modify campaigns, ad sets, bids, and budgets. Examples: create_search_campaign accepts budget_amount_micros; meta_create_ad_set accepts daily_budget and bid_amount; update_campaign is used to change daily_budget_micros; tools to resume/pause campaigns and pause keywords. These are direct APIs to change ad spend and bidding (not just read-only), so the skill grants direct financial execution authority over advertising budgets.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 16, 2026, 07:55 PM
Issues: 2