ads

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's docs instruct the agent to offer and/or call the /ads-landing flow which "runs the PageSpeed Insights API" to fetch and analyze landing page URLs (references/quality-score-framework.md and SKILL.md conditional handoffs), i.e., it ingests arbitrary public third-party webpages and uses that content to drive diagnostic recommendations and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly supports and documents write/mutation tools for Google Ads that change financial settings: examples include updateBid, bulkAddKeywords, createCampaign and (explicitly) budget and bid changes. The doc even describes server-side guardrails for bid/budget change limits (bid changes >25%, budget changes >50%), confirms mutations return a changeId and can be undone, and instructs confirming proposed new values and expected USD impact before writing. Because it is specifically designed to operate and mutate ad spend (budgets/bids) via dedicated write APIs, it grants direct financial execution authority over ad spend.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 29, 2026, 02:51 AM
  • Issues: 2