21-audit-ads-performance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly describes an "Auto-pull data qua MCP" flow (references/ mcp-ads-integration.md and the endpoint https://mcp.facebook.com/ads and other third-party MCP servers) where the agent pulls ad account data and creatives from external platforms and then reads/interprets those results to compute Health Scores and drive action plans, so it ingests untrusted third-party content that can materially influence decisions.