Meta Ads Audience Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Meta Ads analysis helper that uses expected read-only ad account access and stores limited analysis outputs for a related recommendation workflow.

Install only if you are comfortable giving the agent read-only Meta Ads access for the intended ad account. Use the narrow ads_read scope, avoid broad or long-lived tokens when possible, and review any downstream recommendation skill before letting it act on the stored audience and budget findings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly writes audience findings and budget reallocation details into session context, which creates persistence of potentially sensitive marketing intelligence without any notice, consent, retention limit, or scoping guidance. While this is not credential exposure, campaign segmentation, overlap, and budget strategy data can be sensitive business information and may be unintentionally exposed to other skills, later steps, or users depending on how session context is shared.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal