launch-ad-campaign

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires loading and inspecting user-provided landing page URLs (see "Landing page" in Input Required and Process steps that verify pages are live, load under 3 seconds, check conversion tracking, and evaluate ad-to-landing-page message match), which entails fetching arbitrary public web content that the agent will read and use to make launch and compliance decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill explicitly performs actions that change and commit advertising spend via platform APIs. It includes steps to configure budgets and bid strategies, enforce and record budget safeguards, and—on user approval—"Execute campaign creation via MCP" (step 12) which creates campaigns with a requested status (e.g., active/launch immediately). It also verifies campaign status and logs execution. The Agents Used list includes an "execution-coordinator" responsible for "platform API execution" and "budget safeguard enforcement." Because this is specifically designed to manage and execute ad budgets (i.e., update/launch spend-driving configurations via ad-platform MCP servers), it meets the criteria for Direct Financial Execution (managing ad spend budgets via API), not a generic tool.