Back to skill

Security audit

Ad Context Protocol (AdCP) Advertising

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent advertising documentation, but it should be reviewed because it encourages agent-driven ad launches and budget changes that can affect real spend without strong approval guardrails.

Review carefully before installing in any production advertising workflow. Use the public test agent only for testing, keep real credentials in a secret manager, require explicit human approval for campaign creation, launch/resume, budget changes, targeting changes, creative uploads, and destructive syncs, and set spend limits plus privacy/compliance checks for tracking pixels and audience targeting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The documentation exposes a hard-coded authentication token for a test agent, which is a credential disclosure even if the endpoint is described as a test environment. Published tokens are often copied, reused, or mistakenly treated as safe, enabling unauthorized access to the referenced service and normalizing insecure credential handling in downstream integrations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples demonstrate live campaign creation and later budget modification flows without any prominent warning that these actions can trigger real ad spend, contractual commitments, or irreversible side effects. In an automation skill for media buying, this can mislead operators or downstream agents into executing production-affecting actions as if they were safe demos.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guidance includes tracking pixel usage and analytics callbacks without any privacy, consent, or data-governance warning. In an advertising context, embedding third-party tracking behavior can result in silent data disclosure, regulatory issues, and accidental deployment of user-tracking code by agents following the examples verbatim.

Missing User Warnings

High
Confidence
99% confidence
Finding
This appears to be a real usable authentication token presented without any warning that it is sensitive, which materially increases the chance of credential harvesting and unauthorized API use. Because the file is instructional, readers may embed the token into tools, scripts, or production-adjacent testing flows, amplifying exposure and reuse risk.

Missing User Warnings

High
Confidence
99% confidence
Finding
The quick reference includes a bearer-style token directly in documentation, which exposes usable credentials to anyone who reads, copies, indexes, or republishes the file. In an agent skill focused on advertising and media buying, leaked credentials can enable unauthorized API access, test-environment abuse, fraudulent campaign actions, data access, or serve as a foothold if the same token is reused or granted broader permissions than intended.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README encourages switching from test mode to production and launching campaigns with real budgets, but it does not clearly warn that these actions can spend real money or require explicit human confirmation. In an agentic context, this increases the chance of unintended financial actions or overspending if a user or downstream system treats the examples as safe defaults.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes uploading creatives and monitoring campaign performance through external advertising agents without clearly warning that creative assets, campaign parameters, and performance data will be transmitted to third-party systems. This can lead users to share sensitive marketing assets or business data without understanding the privacy, confidentiality, or cross-border data-sharing implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The reference documents `delete_missing?: boolean` as archiving creatives not present in a sync, but the surrounding example and guidance do not prominently warn that this can trigger bulk destructive state changes. In an agent skill that automates advertising operations, a user or downstream agent could accidentally omit creatives and silently archive active assets, causing campaign disruption or data loss.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This skill explicitly promotes launching campaigns, managing budgets, and auto-optimizing spend through natural language, but it does not prominently warn that these actions may trigger real ad purchases and business-impacting changes. In an agentic context, users may treat the workflow as exploratory or simulated and accidentally authorize spend, budget reallocations, or live campaign changes without understanding the consequences.

Missing User Warnings

High
Confidence
96% confidence
Finding
The quick-start text says a campaign 'goes live instantly' immediately after a natural-language create command, without an adjacent warning that this may create live advertising spend. Because the skill is specifically designed for media buying and budget execution, this framing materially increases the risk of unintended financial commitments and accidental launch of real campaigns.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document explicitly promotes behavioral targeting based on browsing history, retargeting pixels, life events, purchase intent, and lookalike audiences without any accompanying privacy, consent, retention, or lawful-basis guidance. In an advertising automation skill, this omission can lead users to deploy privacy-sensitive targeting in ways that violate platform policy or data protection rules, increasing legal, compliance, and reputational risk.

Ssd 3

Medium
Confidence
97% confidence
Finding
Hardcoded tokens in documentation create durable credential exposure because docs are widely copied into repositories, chat transcripts, and example integrations. Even if intended only for testing, the token can be abused directly or encourage insecure reuse patterns that lead to broader secret sprawl.

External Transmission

Medium
Category
Data Exfiltration
Content
},
        click_through_url: 'https://streamtech.com/signup',
        tracking_pixels: [
          'https://analytics.streamtech.com/impression',
          'https://analytics.streamtech.com/completion'
        ]
      }],
Confidence
81% confidence
Finding
https://analytics.streamtech.com/

External Transmission

Medium
Category
Data Exfiltration
Content
click_through_url: 'https://streamtech.com/signup',
        tracking_pixels: [
          'https://analytics.streamtech.com/impression',
          'https://analytics.streamtech.com/completion'
        ]
      }],
Confidence
81% confidence
Finding
https://analytics.streamtech.com/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
PROTOCOLS.md:393