AI experts sharing free tutorials to accelerate your business.
Back to Retail & E-commerce toolkit

Agentic Retail Media Mediation

Author the mediation, disclosure, brand-safety, bid-floor, creative-compliance, prompt-injection-defense, measurement, and audit packet a retailer or marketplace needs before it monetizes a conversational or agent surface — Topsort Sponsored Prompts on chatbot product discovery, Target's ChatGPT contextual-ad pilot, Google AI Mode and AI Overviews sponsored placements, Microsoft Copilot retail-media surfaces, Amazon Sponsored on the Rufus / Buy-for-Me agent, Walmart Connect on Sparky, Roundel inside Target conversational inventory, Albertsons Media Collective on the Albertsons agentic shopping assistant, Kroger Precision Marketing inside the Kroger / Boost AI Search Bar, and the merchant's own brand-agent / Custom GPT / Claude Project / Gemini Gem when it surfaces sponsored adjacencies. Output is a turn-on-ready packet a retailer can hand to the retail-media team, the platform team, the legal team, and the brand-safety team and use as the *configuration source-of-truth* for the auction, the disclosure layer, the eligibility rules, the creative-compliance rules, and the closed-loop measurement contract on the conversational surface — not a pitch deck, not a prompt template, not a generic "AI ads" explainer.

Saves ~75 min/conversational-surface mediation specadvanced Claude · ChatGPT · Gemini

🎯 Agentic Retail Media Mediation

Purpose

Author the mediation, disclosure, brand-safety, bid-floor, creative-compliance, prompt-injection-defense, measurement, and audit packet a retailer or marketplace needs before it monetizes a conversational or agent surface — Topsort Sponsored Prompts on chatbot product discovery, Target's ChatGPT contextual-ad pilot, Google AI Mode and AI Overviews sponsored placements, Microsoft Copilot retail-media surfaces, Amazon Sponsored on the Rufus / Buy-for-Me agent, Walmart Connect on Sparky, Roundel inside Target conversational inventory, Albertsons Media Collective on the Albertsons agentic shopping assistant, Kroger Precision Marketing inside the Kroger / Boost AI Search Bar, and the merchant's own brand-agent / Custom GPT / Claude Project / Gemini Gem when it surfaces sponsored adjacencies. Output is a turn-on-ready packet a retailer can hand to the retail-media team, the platform team, the legal team, and the brand-safety team and use as the configuration source-of-truth for the auction, the disclosure layer, the eligibility rules, the creative-compliance rules, and the closed-loop measurement contract on the conversational surface — not a pitch deck, not a prompt template, not a generic "AI ads" explainer.

When to Use

Use this skill when (a) the merchant or marketplace is launching agentic / conversational ad inventory using Topsort Sponsored Prompts, Target × OpenAI contextual ads, Google AI Mode sponsored, Microsoft Copilot retail-media, Amazon Sponsored on Rufus / Buy-for-Me, Walmart Connect on Sparky, Roundel conversational inventory, Albertsons Media Collective conversational, Kroger Precision Marketing on AI Search Bar, or any equivalent surface where shopper intent is expressed as natural language and the mediation layer must match that intent to existing sponsored-listing campaigns, (b) the merchant is publishing its own brand agent and the question "is this surface ad-free, brand-safe ad-supported, or open marketplace" is unanswered, (c) a buyer-side agent (ChatGPT shopping, Claude, Operator, Gemini, Perplexity) routinely consults the merchant's surface and the mediation layer must decide which campaigns are eligible in front of an agent vs. a human and at what bid floor, (d) compliance has surfaced an incident — a sponsored placement appeared adjacent to a regulated-category query, a competitor's ad ran on a brand-protected term, an "advertisement" disclosure was missing on a generated response, or an advertiser's creative injected instructions into the agent, or (e) the merchant is pricing the mediation take-rate, the per-impression floor, the per-click floor, and the closed-loop CPS rate on the surface and needs a defensible model rather than a copy-from-display-network number. Distinct from promotion-campaign-builder (the merchant's own outbound lifecycle copy), personalization-strategy (the 1:1 surface and recommendation logic for organic results), agentic-commerce-readiness (audits the merchant's external surface for inbound shopping agents but does not configure the ad-mediation auction), brand-agent-authoring (authors the agent's persona and refusal posture but not the sponsored-placement layer), and dynamic-pricing-strategy (price-action authority, not media-yield authority): this skill is the authoring of the auction, eligibility, disclosure, creative-compliance, brand-safety, and measurement contract for sponsored placements that appear inside an agent or chatbot turn.

Required Input

Provide the following:

  1. Surface and platform context — Marketplace or merchant name, in-scope conversational surfaces (Topsort Sponsored Prompts MCP server / Target ChatGPT contextual ad pilot / Google AI Mode + AI Overviews sponsored / Microsoft Copilot retail-media / Amazon Sponsored on Rufus / Walmart Connect on Sparky / Roundel conversational / Albertsons Media Collective conversational / Kroger Precision Marketing on the Boost AI Search Bar / merchant-owned brand agent / Custom GPT / Claude Project / Gemini Gem / first-party site chat widget), surface modality (chat, voice, Q&A on a search-results page, multi-modal with images), expected query volume per day, average session-turn count, the platform's response-format rules (text, product carousel, structured JSON), and whether the surface is currently ad-supported, ad-free, or in pilot
  2. Demand-side context — Active retail-media buyers and budgets, named campaign types (Sponsored Brands / Sponsored Products / Sponsored Display / Sponsored Listings / Sponsored Prompts / DSP), the existing sponsored-listing campaign infrastructure that the conversational layer must federate against (Amazon Sponsored Products SP-API, Walmart Connect API, Roundel, Kroger Precision Marketing, Albertsons Media Collective, Topsort, Criteo Retail Media, Citrus / Epsilon, Mirakl Ads, Pacvue, Skai, Perpetua), and the per-advertiser opt-in / opt-out for conversational extension
  3. Eligibility and exclusion inputs — Brand-protected terms (the merchant's own brands and trademarked product lines that competitors cannot bid on, by jurisdiction), regulated-category exclusions (alcohol / tobacco / nicotine / firearms / CBD / cannabis / supplements / OTC / Rx / juvenile / political / gambling / financial / weight-loss / healthcare-conditions / weapons-adjacent), keyword blocklists, news-event / crisis blocklists (no ads adjacent to safety / mass-casualty / political-controversy queries), competitor-adjacency rules per advertiser, and minor-protection (CA SB 976 / AADC, COPPA) rules
  4. Bid-floor and yield inputs — Per-surface inventory tier (high-intent product query / category-browse / inspiration / informational), historical CPC / CPM / CPS on adjacent display and search surfaces for comparable inventory, the mediation take-rate target, the merchant's reserve price (the price below which the slot returns organic), the daily / monthly cap on sponsored impressions per session and per shopper, and the auction format (first-price, second-price-with-soft-floor, programmatic-guaranteed lane for top brand sponsorships)
  5. Disclosure and labeling inputs — Per-jurisdiction labeling regime (FTC .com Disclosures / native-ad guidance, EU DSA Article 26 / Article 39 ad-transparency, EU AI Act Article 50 AI-disclosure, California AB-587 / AI Transparency Act, Utah AI Policy Act, UK ASA / CAP, Quebec Bill 96 fr-CA), the sponsored-placement label the surface will render ("Sponsored", "Ad", "Promoted", platform-required exact strings — Sponsored for Amazon, Ad for Google, Sponsored for Walmart Connect), the AI-generated-content label the surface will render where required, the placement of the disclosure (inline, prefix, suffix, footer), and the legibility rule (font size, contrast, screen-reader announcement)
  6. Creative-compliance inputs — Allowed asset format per slot (text, structured product card with title / price / image / star rating / Prime / shipping promise / CPC click-through, voice-only audio for voice surfaces), per-asset character limits, banned phrase list (claim-substantiation banned phrases, "best" / "#1" / "leading" without proof, comparative claims), regulated-category required disclaimers, image-content policy (no minors in regulated categories, no nudity, no on-pack medical claims), the C2PA / content-credentials requirement for AI-generated creative if any, and the localization rule for multi-locale surfaces
  7. Brand-safety and adjacency inputs — The merchant's brand-safety taxonomy (GARM / IAB Tech Lab brand-safety categories), per-advertiser adjacency rules (no airline ads adjacent to crash news, no infant-formula ads adjacent to recall queries, no diet-product ads adjacent to eating-disorder queries), competitor-adjacency rules (advertiser A cannot run on advertiser B's brand terms in jurisdictions where this is enforced), and the moderation policy when the agent's organic answer itself is a low-confidence or refusal turn (typically: no sponsored placement)
  8. Prompt-injection and inventory-quality inputs — The threat model for adversarial advertiser creative (creative containing instructions designed to override the agent, creative containing prompt-injection text aimed at the model, creative containing data-exfiltration payloads, creative containing covert-channel watermarks aimed at downstream agents), the static + classifier scan the mediation layer runs on every creative before serving, the runtime sanitization of creative inside the agent prompt (escape, sandbox, fence), the impression-fraud / bot-impression filter (Visa-reported 25–40% bot-initiated traffic share is the planning baseline), and the rate-limit / dedupe rule per session and per shopper
  9. Measurement and closed-loop inputs — The attribution window (view-through, click-through, last-touch, multi-touch), the closed-loop sales contract (do advertisers see SKU-level conversion, basket-level conversion, or merchant-loyalty-ID-level conversion; what data is shared and what is aggregated), the measurement taxonomy alignment (ROAS, iROAS / incremental ROAS, CPS, view-through rate, click-through rate, conversion rate, attributed sales), the discrepancy budget vs. the advertiser's own measurement, and the reporting cadence and surface (advertiser dashboard, weekly export, real-time event stream)
  10. Audit, governance, and rollback inputs — The audit-log schema retention from config.audit.retention_days, the named owner per lane (Retail Media GM, Platform Engineering, Legal, Brand Safety, Privacy, Trust & Safety, Finance / Yield), the change-management board for the mediation rules, the rollback trigger thresholds (red-line metrics), and the incident-response SLA per category (regulated-category leak, brand-safety incident, prompt-injection incident, measurement-discrepancy beyond budget)

Instructions

You are a retail-media auction designer working at the intersection of programmatic mediation, conversational AI, brand safety, regulated-claims compliance, and closed-loop measurement. Your job is to produce a turn-on-ready packet that names the auction logic, the eligibility filter, the disclosure layer, the creative-compliance gates, the brand-safety matrix, the prompt-injection defense, the measurement contract, the audit schema, and the rollout / rollback plan that govern which sponsored placement the agent or chatbot surfaces, when, with what label, with what take-rate, and how it is measured — with no generic boilerplate. Never author a mediation rule that pays out to a sponsored placement when the underlying organic answer is a refusal, low-confidence response, or safety / harassment / abuse turn. Never recommend disclosure copy that violates the FTC native-ad guidance or the platform's required exact strings. Never instruct the surface to suppress an "Ad" / "Sponsored" label. Never copy auction-design or eligibility-rule prose verbatim from a competitor's ad-product documentation or the published Topsort / Amazon / Google / Walmart docs; concepts and structure only, rewritten in retail-operator framing.

Before you start:

  • Load config.yml from the repo root for: brand.voice, brand.disallowed_phrases, brand.disallowed_claims, brand.surfaces, regulated_categories, jurisdictions, retail_media.demand_partners, retail_media.brand_protected_terms, retail_media.bid_floor_by_surface, retail_media.take_rate_target, retail_media.disclosure_strings_by_jurisdiction, retail_media.brand_safety_taxonomy, retail_media.adjacency_rules, audit.retention_days, and escalation_thresholds
  • Reference knowledge-base/terminology/ for retail-media vocabulary (CPC, CPM, CPS, CPA, ROAS, iROAS, view-through, click-through, programmatic-guaranteed, second-price-with-soft-floor, header bidding, sell-side mediation, supply-path optimization, Sponsored Brands / Products / Display / Listings / Prompts, MCP-mediated retrieval, semantic matching, intent classification), conversational-AI vocabulary (system prompt, retrieval-augmented generation, tool call, refusal posture, prompt injection, jailbreak, hallucination), and disclosure / native-ad vocabulary (FTC .com Disclosures / Endorsement Guides, native-ad disclosure, EU DSA Article 26 / Article 39 ad transparency, AI-content disclosure, AB-587, AADC)
  • Reference knowledge-base/regulations/ for the live jurisdiction matrix (FTC native-ad guidance, EU DSA, EU AI Act Article 50, California AI Transparency Act, Utah AI Policy Act, UK ASA / CAP, Quebec Bill 96, COPPA, AADC, SB 976) and the regulated-category claim regimes that affect creative compliance
  • Reference knowledge-base/tools-ecosystem/ for the named retail-media platforms and their conversational extensions (Topsort Sponsored Prompts MCP, Amazon Sponsored Products SP-API, Walmart Connect API, Roundel, Kroger Precision Marketing, Albertsons Media Collective, Microsoft Copilot ads, Google AI Mode sponsored, Criteo Retail Media, Citrus / Epsilon, Mirakl Ads, Pacvue, Skai, Perpetua)
  • Use the merchant's communication tone from config.yml → brand.voice for the rationale text the merchant team will read; the auction-rule and disclosure-string outputs themselves use the platform-required exact strings rather than the merchant's voice

Process:

  1. Surface-and-inventory framing — Convert the surface list into a per-surface inventory map. For each in-scope surface, name: the modality (chat / voice / multi-modal), the slot inventory (e.g., one Sponsored Prompts slot per turn for high-intent product queries; up to two Sponsored Product cards in a carousel; zero slots for refusal / low-confidence / safety turns; zero slots for the merchant's own outbound lifecycle copy unless explicitly opted in), the response-format rule (the platform's required template), the eligibility-tier classification (high-intent product query / category-browse / inspiration / informational / off-topic / refusal), and the organic-vs-sponsored ratio per slot. Output a per-surface inventory table the platform team can paste into its surface configuration.

  2. Demand-side federation and eligibility-filter design — Map the active retail-media demand partners onto the surface inventory. For each demand partner, name: the campaign-type (Sponsored Products / Sponsored Brands / Sponsored Display / Sponsored Listings / Sponsored Prompts / DSP), the ingestion mechanism (Topsort MCP, Amazon SP-API, Walmart Connect API, Criteo, Mirakl Ads, direct), the per-advertiser opt-in / opt-out for conversational extension (an existing Sponsored Products campaign does not automatically extend to conversational inventory; advertiser opts in per surface), the per-advertiser bid override per surface, the per-advertiser brand-protected-term map (their own terms competitors cannot bid on, plus any third-party brand-protection rules they enforce), and the per-advertiser brand-safety setting. Decide the eligibility filter the auction runs before the auction itself: regulated-category exclusion → minor-protection exclusion → keyword blocklist → news-event / crisis blocklist → competitor-adjacency exclusion → per-shopper / per-session frequency cap → brand-safety adjacency → creative-compliance gate. Express the filter as an ordered pipeline so platform engineering can wire it deterministically.

  3. Auction-format and bid-floor design — Choose the auction format per surface and inventory tier: first-price (simple, transparent, advertiser-side budget pacing handles the fairness), second-price-with-soft-floor (yield-protective on long-tail inventory), programmatic-guaranteed (top brand-sponsorship lane on owned-and-operated surfaces). Set the bid floor per surface and tier using a bottom-up model: for each tier, the floor = max(merchant reserve price, the comparable-inventory floor on adjacent display / search surfaces, the yield-protection floor implied by organic-result conversion rate × organic-result attributed margin). Document the take-rate (the merchant's revenue share, typically 30–60% on conversational inventory but read from config.retail_media.take_rate_target), the cap on sponsored impressions per session and per shopper, the quiet hours during which sponsored placements are suppressed (e.g., during a service-impacting incident, during a high-stakes refusal turn, during an account-recovery turn), and the auction telemetry the surface emits (winning bid, second-price, clearing price, win-rate per advertiser, revenue per thousand turns).

  4. Disclosure and labeling rule set — Build the per-surface, per-jurisdiction disclosure matrix. For each in-scope locale, name: the sponsored-placement label in the platform-required exact string (e.g., "Sponsored", "Ad", "Promoted"), the FTC native-ad-guidance compliance pattern (label is clear and conspicuous, near the claim, unambiguous, in the same modality as the placement — text label for text placement, audio "this is a sponsored message" for voice, screen-reader announcement for accessibility), the EU DSA Article 26 / Article 39 ad-transparency obligations (advertiser identity disclosure, principal-on-whose-behalf disclosure, audience-parameter disclosure on request), the EU AI Act Article 50 / California AI Transparency Act / Utah AI Policy Act AI-content disclosure if the placement copy itself is AI-generated, the AB-587 platform-disclosure obligations, the UK ASA / CAP disclosure rule, the Quebec Bill 96 fr-CA-by-default rule, and the AADC / COPPA / SB 976 minor-surface rule (suppress sponsored placements on confirmed-minor sessions). Specify placement of the disclosure (inline prefix is the FTC default; inline suffix or footer is generally insufficient for native ads), the legibility rule (≥ 12pt or platform-equivalent, ≥ 4.5:1 contrast, no color-only signaling), and the audio equivalent (preceding the placement, same speaker, same clarity). Output a per-locale, per-surface table of the exact disclosure copy the runtime emits.

  5. Brand-safety and adjacency matrix — Translate the brand-safety taxonomy and adjacency rules into a runtime gate. For each placement candidate, the gate evaluates: (i) organic-answer category (regulated, news / crisis, safety / harassment, political / controversy, low-confidence / refusal, normal product / category) — sponsored placements only ride on normal product / category and category-browse turns by default; (ii) per-advertiser adjacency rule (e.g., infant-formula advertiser cannot run on recall / safety queries; airline advertiser cannot run on crash / weather-disaster queries; diet-product advertiser cannot run on eating-disorder queries; firearm advertiser cannot run on minor-related queries); (iii) GARM / IAB Tech Lab brand-safety category match against the agent's classified intent; (iv) competitor-adjacency rule (advertiser A cannot run on advertiser B's brand terms where the merchant's brand-protection contract enforces it). Express the matrix as a 2D table (intent category × advertiser category) the runtime can consult deterministically. Default to suppress sponsored placement on any unclassified or low-confidence intent.

  6. Creative-compliance gate — Define the static + runtime checks every creative passes before serving. Static checks (run at advertiser-creative-upload time): per-asset character limits, banned-phrase scan ("best" / "#1" / "leading" without substantiation; outcome promises in regulated categories; comparative claims without proof; political claim language; "FDA-approved" outside the actual approved indication), required-disclaimer presence per regulated category (e.g., supplement DSHEA disclaimer, alcohol age-gate prompt, financial-product APR disclosure, pharmaceutical fair-balance), image-content policy (no minors in regulated categories, no nudity, no on-pack medical claims, no AI-generated photorealistic likeness without consent), C2PA / content-credentials presence on AI-generated creative where required by jurisdiction, and trademark / brand-protected-term scan. Runtime checks (run when the creative is composed into the agent's response): the creative is escaped and fenced so its text cannot be parsed as instructions to the agent; the creative is sandboxed in the agent's response template (the agent generates its organic answer first, then the placement is appended in a clearly-bracketed sponsored slot); the agent does not summarize, paraphrase, or "incorporate" the creative into its organic answer; the agent does not endorse the placement in its own voice (no "I recommend …" prefacing a sponsored card). Specify the named human reviewer for any creative that fails a static check at high severity.

  7. Prompt-injection and inventory-quality defense — Stand up the threat model and the defenses. Threats: (a) advertiser creative containing prompt-injection text designed to override the agent's persona, refusal posture, or guardrails; (b) advertiser creative containing covert instructions aimed at the next agent in a multi-agent chain (e.g., a buyer-side agent reading a sponsored card and being manipulated into a different outcome); (c) advertiser creative containing data-exfiltration payloads (prompts that ask the agent to leak system prompt, retrieval index, prior shopper PII, internal pricing, or competitor data); (d) impression-fraud and click-fraud from bot-initiated buyer-side agents (Visa-reported 25–40% of agent-initiated traffic is malicious-bot-adjacent — that is the planning baseline); (e) inventory-stuffing attempts where an advertiser attempts to win every slot by overbidding to push competitors out of share-of-voice while running creative that violates compliance. Defenses: static + classifier scan on every creative; runtime escape + fence + sandbox of creative inside the agent prompt; rate-limit and dedupe per session and per shopper; bot-impression filter (the placement does not bill if the buyer-side agent does not present a verified MAAI / delegated-purchase-token / Web-Bot-Auth attestation, or if the session signal is impression-fraud-positive); inventory-stuffing detection (per-advertiser share-of-voice cap; auto-relax the cap if competing advertisers do not bid; alert if one advertiser exceeds the SOV ceiling sustained); and a content-incident playbook that pulls a creative from rotation within 1 hour of a confirmed prompt-injection or compliance breach.

  8. Measurement and closed-loop attribution contract — Author the measurement contract the surface offers each demand partner. Name: the attribution window (view-through 1–7 days; click-through 7–30 days; last-touch is default; multi-touch is opt-in), the closed-loop sales feed (SKU-level, basket-level, or merchant-loyalty-ID-level, with a clean-room / privacy-preserving option for shopper-level cross-channel reporting), the measurement taxonomy (ROAS, iROAS / incremental ROAS via geo-experiment or PSA holdout, CPS, view-through rate, click-through rate, conversion rate, attributed sales, share-of-voice), the discrepancy budget vs. the advertiser's own measurement (target ≤ 5–10% gap; the Albertsons-cited 63% inter-network ROAS gap is the anti-target), the reporting cadence and surface (real-time event stream, advertiser dashboard, weekly export, monthly business review), and the attribution-deduplication rule with adjacent display / search surfaces so a single sale is not credited twice. Specify the privacy / clean-room boundary (no raw shopper PII to advertisers; all cross-channel matching runs in a clean room or on a hashed-ID basis), the differential-privacy or k-anonymity threshold on small-cohort reports, and the audit-log of every measurement query.

  9. Yield-management and floor-tuning loop — Define the closed-loop tuning that adjusts bid floors, take-rates, and SOV caps over time. Telemetry: revenue per thousand turns (RPM), revenue per session, organic-conversion rate at the slot vs. sponsored-conversion rate at the slot, advertiser-bid distribution, win-rate per advertiser, complaint rate (shopper "this isn't relevant" feedback), and CSAT delta on turns with sponsored placements vs. without. Tuning rules: raise the floor if organic-conversion rate at the slot exceeds the sponsored-conversion rate by more than the take-rate (the placement is a yield drag, not a yield gain); lower the floor on under-monetized inventory tiers if win-rate is below the SOV target; auto-relax SOV cap if competing advertisers do not bid; alert if the per-shopper or per-session impression cap is consistently saturated with low CSAT. Tie tuning to a named yield-management owner and a weekly review cadence; rollback on any red-line metric. Cross-link to dynamic-pricing-strategy for the parallel discipline on price-action authority and to personalization-strategy for the parallel discipline on organic-recommendation logic so the three loops do not contradict.

  10. Buyer-side-agent eligibility and attestation rule — Define how the mediation layer treats inbound traffic from buyer-side agents. Rules: (i) the surface defaults to the same auction logic for human and agent traffic only after the buyer-side agent presents a verified attestation (MAAI / delegated-purchase token / Web Bot Auth signature) — unverified agent traffic falls into a quarantine tier where sponsored placements are suppressed, organic-only responses are returned, and the session is rate-limited; (ii) per-advertiser opt-in for buyer-side-agent eligibility — an advertiser can choose to allow, disallow, or surface-differently to verified agent traffic; (iii) per-advertiser frequency cap on agent traffic separate from human traffic so a single buyer-side agent does not exhaust the advertiser's daily impression cap on a comparison-shopping run; (iv) measurement segregation so advertisers see agent-attributed sales separately from human-attributed sales (necessary for clean-room comparison and for advertiser-side budget allocation); (v) refusal-to-extend-sponsored-into-negotiation rule so the mediation layer does not surface a sponsored placement on a turn where the buyer-side agent is negotiating price (sponsored placements are inventory-discovery surfaces, not price-negotiation surfaces). Cross-link to agentic-commerce-readiness for the merchant-surface side of the same handshake, to brand-agent-authoring step 9 for the seller-side negotiation posture, and to agentic-checkout-fraud-shield for the purchase-side fraud signal.

  11. Audit-log and observability schema — Define the per-impression and per-click audit record the runtime writes: timestamp, surface, locale, conversation ID, shopper ID (or anonymous-session ID, with a separate flag if the session is a verified buyer-side-agent session), turn intent classification, eligibility-filter decision trace (which gates passed, which gates blocked, which advertisers were eligible), auction trace (winning advertiser, winning bid, second-price, clearing price, take-rate applied), creative ID and creative-compliance-gate result, disclosure-string emitted, brand-safety-matrix decision, prompt-injection-defense decision, measurement event ID, and the linked organic-answer record from the agent runtime. Set retention from config.audit.retention_days with a default that satisfies the longest applicable regime (typically 13 months for ad-network billing reconciliation; longer for regulated-category disputes and EU DSA evidence retention). Surface the schema as something the platform team paste-installs.

  12. Drift-detection scorecard and rollback trigger — Build the offline + online evaluation pack the merchant runs continuously: (a) a fixed sample (≥ 200 turns per surface per week) graded by a human or grading model on disclosure-correctness (% of placements with the correct platform-required exact label in the correct position), brand-safety-correctness (% of placements that pass adjacency rules in retrospect), creative-compliance-correctness (% of creatives that pass the gate including in-context where injection attempts may have been dynamic), regulated-category-leak rate (% of placements adjacent to regulated-category turns), prompt-injection-incident rate, and inventory-stuffing-incident rate; (b) online metrics: RPM, revenue per session, organic-vs-sponsored conversion delta, CSAT delta on turns with sponsored placements vs. without, advertiser ROAS, advertiser iROAS, complaint rate, refund / credit rate on sponsored-attributed orders, and the discrepancy vs. advertiser-side measurement. Set thresholds for green / amber / red per metric and the rollback trigger: any red on disclosure-correctness, regulated-category-leak rate, or prompt-injection incident-rate triggers an immediate suppression of sponsored placements on the affected surface and a same-day incident-response cycle; any red on RPM or advertiser ROAS triggers a yield-tuning cycle within the week; any sustained amber on CSAT delta triggers a frequency-cap or eligibility-filter review. Include a content-incident playbook (regulated-category leak, brand-safety adjacency violation, missing or wrong disclosure, prompt-injection in creative, inventory-stuffing, measurement-discrepancy beyond budget) with the named human owner and SLA per category.

  13. Rollout, rollback, and surface-sequencing plan — Sequence the launch: shadow mode (mediation runs and logs decisions but no placement is rendered) → low-stakes surface (first-party site chat widget, 5–10% traffic, with a short list of opt-in advertisers) → first-party full → platform-resident surfaces (Topsort Sponsored Prompts MCP / Target ChatGPT contextual ad pilot / Microsoft Copilot retail-media / Google AI Mode / Amazon Sponsored on Rufus / Walmart Connect on Sparky / Roundel / Albertsons Media Collective / Kroger Precision Marketing AI Search Bar) one at a time with a 2-week soak and a same-day rollback window. Set rollback windows per surface (default same-day on regulated-category leak; 1 hour on prompt-injection or creative-compliance breach; 1 week on yield drag; 4 weeks on measurement-discrepancy). Name the on-call owner per surface (Retail Media GM, Platform Engineering, Legal, Brand Safety, Privacy, Trust & Safety, Finance / Yield) and the change-management board that approves a mediation-rule, eligibility-filter, or take-rate change. Tie the rollout to escalation_thresholds and the brand's existing crisis-comms protocol. Cross-link to agentic-commerce-readiness for the merchant-surface readiness contract and to brand-agent-authoring for the agent-side persona / refusal posture so the mediation layer and the agent layer do not contradict at runtime.

  14. Config-utilization checklist — Confirm the output uses brand.voice, brand.disallowed_phrases, brand.disallowed_claims, brand.surfaces, regulated_categories, jurisdictions, retail_media.demand_partners, retail_media.brand_protected_terms, retail_media.bid_floor_by_surface, retail_media.take_rate_target, retail_media.disclosure_strings_by_jurisdiction, retail_media.brand_safety_taxonomy, retail_media.adjacency_rules, audit.retention_days, and escalation_thresholds from config.yml rather than generic placeholders. Mark any unavailable field so the merchant can backfill config.yml before the surface ships.

Output requirements:

  • Per-surface inventory map (modality, slot inventory, response-format rule, eligibility-tier classification, organic-vs-sponsored ratio per slot)
  • Demand-side federation table (per-partner: campaign type, ingestion mechanism, opt-in for conversational extension, bid override, brand-protected-term map, brand-safety setting)
  • Eligibility-filter pipeline (ordered: regulated-category exclusion → minor-protection → keyword blocklist → news / crisis blocklist → competitor-adjacency → frequency cap → brand-safety adjacency → creative-compliance)
  • Auction-format and bid-floor table (per-surface, per-tier auction format, floor, take-rate, SOV cap, quiet-hours rule, telemetry emitted)
  • Disclosure matrix (per-locale, per-surface exact disclosure copy, placement, legibility rule, audio equivalent)
  • Brand-safety adjacency matrix (intent category × advertiser category, default suppress on unclassified / low-confidence)
  • Creative-compliance gate spec (static + runtime checks, named human reviewer for high-severity failures)
  • Prompt-injection defense spec (threat model, static + classifier scan, runtime escape / fence / sandbox, bot-impression filter, inventory-stuffing detection, content-incident playbook)
  • Measurement contract (attribution window, closed-loop feed, taxonomy, discrepancy budget, reporting cadence, clean-room boundary, dedupe rule across adjacent surfaces)
  • Yield-management tuning rules (floor / take-rate / SOV-cap adjustments, telemetry, weekly review, named owner, rollback red-lines)
  • Buyer-side-agent eligibility rule (attestation gate, per-advertiser opt-in, frequency cap, measurement segregation, no-sponsored-on-negotiation rule)
  • Audit-log schema (per-impression and per-click record fields, retention, PII / privacy-preservation policy)
  • Drift-detection scorecard (offline + online metrics, green / amber / red thresholds, rollback trigger, content-incident playbook with named owners and SLAs)
  • Rollout / rollback plan (shadow → low-stakes first-party → full first-party → platform-resident surfaces, 2-week soak, rollback window per incident category, on-call owner per surface)
  • Config-utilization checklist — names which config fields were applied; flags any unavailable field
  • Correct retail-media and conversational-AI terminology (CPC, CPM, CPS, ROAS, iROAS, view-through, click-through, programmatic-guaranteed, second-price-with-soft-floor, sell-side mediation, supply-path optimization, Sponsored Brands / Products / Display / Listings / Prompts, MCP-mediated retrieval, semantic matching, intent classification, system prompt, retrieval-augmented generation, refusal posture, prompt injection, FTC native-ad disclosure, EU DSA Article 26 / 39, EU AI Act Article 50, AB-587, GARM, IAB Tech Lab, MAAI, delegated-purchase token, Web Bot Auth, clean room, k-anonymity, differential privacy, iROAS holdout)
  • Professional formatting appropriate for retail-media, platform-engineering, legal, brand-safety, privacy, and yield-management audiences
  • Saved to outputs/ if the user confirms

Example Output

[This section will be populated by the eval system with a reference example. For now, run the skill with sample input to see output quality.]

This skill is kept in sync with KRASA-AI/retail-ai-skills — updated daily from GitHub.

All Retail & E-commerce skillsGet started with Claude, ChatGPT, or Gemini