meta-ads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts and retrieves arbitrary public URLs and social media content (e.g., create-catalog-feed --fileUrl, upload-video --videoUrl, --images URL parameters, and endpoints like list-page-posts / list-ig-media in scripts/plai-meta.js and SKILL.md), which clearly ingests untrusted, user-generated third-party content that the tool uses in campaign/catalog creation and other actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to manage Meta ad campaigns via the Plai API and includes commands that change ad spend: create-campaign accepts a --budget parameter and there is a dedicated update-budget --campaignId --amount command. It also supports activating campaigns (update-status to ACTIVE) and connecting ad accounts via OAuth. These are specific, built-in operations that can modify advertising budgets/spend rather than only viewing data, so this qualifies as direct financial execution for ad spend.