meta-ads
Warn
Audited by Snyk on Apr 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly calls Meta's Marketing API (graph.facebook.com) from scripts like fetch_insights.py, anomaly_detect.py, creative_fatigue.py, and create_campaign.py to pull ad performance and creative data (third-party/user-generated content) which the SKILL.md workflow requires the agent to read and then base decisions/actions on (pause/update/duplicate/create), so external content can materially influence tool use and next actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes write-capable tooling for Meta's Marketing API that can change real ad spend and create/modify campaigns. It lists and documents scripts such as update_budget.py (modify daily/lifetime budgets), pause_ad.py (pause/resume ads/campaigns), duplicate_ad.py, create_campaign.py (build campaign tree that can deliver spend) and rollback_creation.py. The doc even states "Pause / budget / duplicate (POST) actions touch real money" and enforces confirmation rules, but those are controls — the capability to send budget changes and create campaigns is direct financial execution (managing ad spend budgets via an API). This meets the "Managing Ad Spend Budgets" criterion for Direct Financial Execution.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata