Adagent Facebook Ads

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about controlling Meta ads, but it can make live spend-affecting changes through an embedded connector without strong confirmation guardrails.

Install only if you trust AdAgent with your Meta Ads account access. Treat the MCP link like a password, verify the Facebook permissions and ad accounts connected, and require the agent to ask for explicit confirmation before creating, enabling, pausing, or changing budgets for campaigns, ad sets, or ads.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger text includes broad routing language such as 'or wants to manage their Facebook advertising,' which can cause the skill to activate for loosely related requests. Because this skill can create and enable ads tied to real ad spend, overbroad invocation increases the chance of unintended access to high-impact advertising actions.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The workflow shows `enable_campaign`, `enable_ad_set`, and `enable_ad` without a prominent warning that these actions can immediately start delivery and incur charges. In a skill connected to live Facebook ad accounts via embedded credentials, insufficient spend-risk disclosure materially raises the chance of accidental financial impact.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal