meta-ads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes user-generated content from Meta's Graph API (e.g., curl calls to https://graph.facebook.com/v22.0/... for ad accounts, campaigns, ads, insights and paging.next), so returned third‑party fields and URLs are read/interpreted by the agent and could materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly the Meta Marketing API and includes endpoints and examples to create, update, and delete campaigns/ad sets and to set budgets and bid amounts. Examples show POST requests that modify "daily_budget", "lifetime_budget", "bid_amount", and campaign "status" (activate/pause). Account-level fields include "balance", "amount_spent", and "spend_cap". This is a purpose-built API to manage ad spend and budgets (i.e., directly change where money is allocated and enable spending), which matches the "Managing Ad Spend Budgets" criterion for Direct Financial Execution.