dualentry


Audited by Snyk on Apr 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly directs the agent to list/read invoices and attachments via Apideck's Accounting API (e.g., apideck.accounting.invoices.list with serviceId "dualentry") and to use the Proxy (x-apideck-downstream-url) to fetch Dualentry endpoints, which ingests third-party (user-generated) invoice/attachment content that could contain instructions affecting agent decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly an accounting integration (Apideck Accounting connector for Dualentry) that exposes CRUD operations for invoices, bills, payments and bill-payments and supports creating/updating those financial records via API (examples and coverage note: "Full CRUD on invoices, bills, payments (incl. bill payments)"). It also provides a Proxy to call Dualentry endpoints directly. This is a purpose-built financial operations API (not a generic browser or HTTP tool) that can create payment/bill-payment records and thus enables direct financial execution or recording of transactions.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 27, 2026, 05:57 PM
Issues: 2