google-ads-api-mcp-setup

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent/user to install and run remote packages at runtime (which executes fetched code), e.g. "pipx install google-ads-mcp" (from PyPI) and the development install "pipx install git+https://github.com/googleads/google-ads-mcp.git", so the GitHub/PyPI sources are runtime-executed external dependencies.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to execute installation commands that modify the host (including a privileged command "sudo apt install pipx"), alter shell/profile and application config files, and mandates running environment checks and installs—actions that change the machine's state and can require elevated privileges.