pp-google-ads

Fail

Audited by Snyk on May 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt's auth instructions explicitly show storing an OAuth2 access token via a CLI argument ("google-ads-pp-cli auth set-token YOUR_TOKEN_HERE"), which encourages accepting and embedding secret values verbatim in commands (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs agents to run in --agent mode and parse live API results (e.g., commands like customers_google_ads search, generate_creator_insights, generate_trending_insights and other read/mutate calls), which fetch user-generated/public content from Google/YouTube via the Google Ads API and can be used to drive follow-up actions (mutations, recommendations, webhooks), so untrusted third-party content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The README instructs running "go install github.com/mvanhorn/printing-press-library/library/marketing/google-ads/cmd/google-ads-pp-cli@latest" (and similarly for google-ads-pp-mcp@latest), which fetches remote GitHub code and builds/installs binaries that will be executed locally and are required to use the CLI — therefore this is a runtime external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a Google Ads CLI with explicit commands to create, update, and remove campaign budgets and account budget proposals (e.g., "customers_campaign_budgets — Creates, updates, or removes campaign budgets" and "customers_account_budget_proposals ... Creates, updates, or removes account budget proposals"). It also exposes billing-related operations (billing setups) that can change billing configuration. Per the core rule, APIs that update ad spend budgets are considered direct financial execution. This is not a generic tool — its primary and explicit purpose includes modifying budgets and billing — so it grants direct financial execution capability.

Issues (4)

W007  HIGH    Insecure credential handling detected in skill instructions.
W011  MEDIUM  Third-party content exposure detected (indirect prompt injection risk).
W012  MEDIUM  Unverifiable external dependency detected (runtime URL that controls agent).
W009  MEDIUM  Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: May 9, 2026, 08:34 AM
Issues: 4