setup-bayarcash

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references/bayarcash-api.md explicitly tell the agent to perform live lookups of public third‑party Markdown docs (e.g. https://api.webimpian.support/bayarcash/.md, the GitHub docs snapshot, WordPress plugin and Boost.space/Smithery URLs) and to read those pages before producing API guidance, so untrusted external content is fetched and can influence subsequent tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent to perform live lookups at runtime using Markdown endpoints (e.g. https://api.webimpian.support/bayarcash/.md?ask=...) which the agent would fetch and inject into its context to drive prompts and responses, creating a runtime external dependency that can directly control agent instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a payment gateway integration for "Bayarcash" and covers payment intents, FPX banks, DuitNow banks/wallets, callbacks/webhooks, transaction lookups, direct debit/e-Mandate flows, and enterprise partner merchant/payout APIs. Those are specific financial execution capabilities (creating/handling payments, payouts, and direct-debit flows) rather than generic tooling. Therefore it grants direct financial execution authority.