google-ads

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly directs the agent to use MCP server playbooks at runtime (e.g., notfair://playbooks/audit-account and notfair://playbooks/explain-regression), which are fetched during execution and would supply/control the agent's starting instructions/prompts.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes mutation APIs that change ad spend and bidding: it lists "update ... budgets" among single-entity writes, bulk bid updates (bulkUpdateBids), campaign creation (createCampaign / createPerformanceMaxCampaign / etc.), and other write primitives (pause/enable/update) that directly alter spend allocation. The decision logic also enforces using dedicated mutation tools for writes. Because "managing ad spend budgets" (the specific API to update budgets) is present, this is direct financial execution capability.