meta-ads-cli

Warn

Audited by Snyk on May 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly runs the Meta Ads CLI to fetch account objects and user-generated ad content (e.g., "meta ads insights get", "meta ads ad get", creative/product-item fields). The required workflows and templates (SKILL.md, references/WORKFLOWS.md, templates/* such as pause-underperformer-plan.json) instruct the agent to read and interpret that external Meta-hosted content as part of decision-making, so untrusted third-party content from the social platform can influence tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to manage Meta advertising accounts and includes direct commands and workflows to create campaigns with daily budgets, update budgets, and activate campaigns (e.g., "meta ads campaign create --daily-budget 5000", workflows for "Increase budget", and "meta ads campaign update 123 --status ACTIVE"). It provides tooling and a guard script to run write commands (including budget changes and activations) after approval. Managing and changing ad spend and budgets is explicitly covered by the skill and therefore constitutes direct financial execution capability.

Issues (2)

  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 2, 2026, 04:15 PM
Issues: 2