meta-ad-policy-checker

Warn

Audited by Snyk on Jul 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Outsider free text is fetched at runtime from public Meta Transparency Center pages (e.g., the ad-standards index and resolved policy pages) and then ingested into the agent’s LLM context for citation/reasoning in Phase 2 (“Fetch + Cache Live Policy Text”).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches live policy pages at runtime (starting with https://transparency.meta.com/policies/ad-standards/ and then resolves and fetches canonical Meta policy pages) and injects that fetched policy text into the agent's reasoning/output, so external content directly controls the agent's prompts/instructions and is a required dependency.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:16 AM
Issues
2
Security Audit — snyk — meta-ad-policy-checker