api-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents proxying to and calling many open third-party APIs (e.g., Brave Search, GitHub, WordPress, Slack, Notion, public web/search providers) and includes examples showing the agent will fetch and consume those API responses as part of its workflow, meaning untrusted/user-generated content from those sources could influence subsequent tool use and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an API gateway that explicitly exposes native endpoints for payment and financial services (Stripe, Square, QuickBooks, Xero, WooCommerce, Google Ads/Snapchat Ads, etc.) and includes a concrete Stripe example. Because it can proxy authenticated native API calls (OAuth tokens injected) to those services, an agent using this skill could call payment endpoints (create charges/payments), manage invoices/orders, or modify ad campaign budgets if the user connection authorizes it. Those are specific payment/financial APIs, so this skill grants direct financial execution capability when connected to such accounts.