customer-pulse-check
Warn
Audited by Snyk on May 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's Step 1 explicitly pulls PayPal disputes and HubSpot support tickets and reads review export files (e.g., Google Reviews CSV, Yelp export) — all untrusted/user-generated third-party content — which the agent ingests and uses to drive theme extraction and response drafting, so that content can materially influence its decisions and tool use.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly integrates with a payment gateway: it pulls PayPal disputes and chargebacks (reason codes, amounts, resolution status). Per the core rule, specific Payment Gateway integrations (e.g., PayPal) count as direct financial-related capability even if this skill currently only reads dispute data and includes guardrails against automatic actions. Because the skill is specifically designed to interact with PayPal dispute/chargeback data (a payment-gateway API domain), it meets the criterion for Direct Financial Execution risk.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).