Back to skill

Security audit

Meta Ads Strategy: Facebook & Instagram Ads, Creative, Copy, Targeting, ROAS, Pixel, Ads Manager

Security checks across malware telemetry and agentic risk

Overview

This is mostly a Meta ads guide, but it needs Review because it can steer agents into ad-account actions and persistent project changes without enough user control.

Install only if you want an agent to help with Meta ads and you are comfortable reviewing each file read/write and every AdKit or Ads Manager action. Treat it as advisory unless you explicitly approve campaign creation, publishing, budget changes, Pixel/customer-data setup, and persistent brief storage; do not rely on the VPN or spare-account advice to avoid platform enforcement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The document explicitly warns against personal attribute assertions because Meta may reject them, but later recommends a direct-address hook formula like "If you're [struggling with X], read this," which can violate that same policy. In a skill designed to generate ad copy, this inconsistency can cause users to produce non-compliant ads, leading to disapproval, account quality issues, and wasted spend.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill goes beyond advisory behavior and instructs the agent to execute a local CLI command (`adkit status`) and potentially perform campaign-creation actions via `adkit`. In a strategy skill, this expands from guidance into tool use that can trigger real-world account changes, billing exposure, or unintended interaction with locally installed software without clear user confirmation or tight scope controls.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The instruction that the process is 'the same regardless of ad platform' materially broadens the skill beyond its declared Meta-only scope. Scope drift is a real security and governance issue because it can cause the agent to act in unsupported domains, increasing the chance of inappropriate advice, use of irrelevant workflows, or execution paths not covered by the skill's intended safeguards.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This section directs users to deploy Meta Pixel tracking across their site and optimize around conversion events, but it omits any guidance on consent, lawful basis, privacy notices, or regional compliance requirements such as GDPR/CCPA/ePrivacy. In a marketing skill, that omission is materially risky because users may implement site-wide tracking and ad attribution in ways that violate privacy law or platform policies, especially when event parameters include revenue-related data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The custom audiences guidance encourages use of email lists and pixel-derived audiences without warning about consent, data-sharing permissions, hashing/secure handling, or restrictions on uploading customer data to Meta. Because this skill is specifically designed to help users run ad campaigns, the lack of guardrails makes improper use of customer data more likely and increases legal, regulatory, and reputational exposure.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The file explicitly instructs users to make ads look indistinguishable from native social content, which can encourage deceptive advertising practices and reduce clear separation between ads and organic posts. In the context of a Meta ads skill, this is more dangerous because it operationalizes the tactic as best practice and may lead users to create misleading creatives that undermine disclosure norms and platform policy compliance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to save `.agents/ad-brief.md` in the user's project root without requiring clear user consent or warning that the write is persistent across future sessions. Silent persistence can surprise users, introduce unwanted files into repositories, and create privacy or workflow risks if sensitive business information is stored locally without explicit approval.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.