Facebook/Meta Ads

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly defines custom_audiences sourced from social engagement (e.g., "video_viewers" with video_id and "page_engagers"), lists UGC assets (e.g., "ugc_1.jpg"), and uses fb.api, indicating that it ingests user-generated social media content from Facebook/Instagram, which can directly affect targeting, campaign decisions, and automated rules.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about managing Facebook/Meta advertising and includes API calls and configuration that change ad budgets and bidding. Examples show POST /act_123/adsets with a daily_budget field (in cents) and automated_rules that perform actions like "increase_budget" and set max_budget. These are specific, actionable ad-spend/budget modification operations (not just viewing), which qualifies as direct financial execution for managing ad spend budgets per the core rule.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 08:21 AM