blink-connectors

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the connector executes API calls to third-party services (e.g., Slack /conversations and /chat/postMessage, Discord /channels/{id}/messages, Notion /search, Google Docs /documents) so the agent will fetch and read untrusted, user-generated content from public/third-party services as part of its workflow, which could contain instructions that influence subsequent tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes OAuth-connected third-party APIs including Stripe and lists payment-related endpoints such as /customers, /charges, and /subscriptions. The connector's primary exec function can perform POST/GET calls through a connected provider (after OAuth), which enables creating charges, managing subscriptions, and other payment actions. Because it contains a specific payment gateway integration (Stripe) and the ability to invoke its payment endpoints, this grants direct financial execution capability.