ETL Pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow ingests “Files (CSV/JSON)” and “API Sources” content (e.g., arbitrary CSV/JSON files and REST/Salesforce responses) into the LLM context for transformation/ETL steps, which can include outsider-authored free text from external systems.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly defines a Stripe API connector (base_url: https://api.stripe.com/v1) with endpoints including /charges, /customers, /subscriptions. Stripe is a payment gateway — this is a specific financial integration rather than a generic API placeholder, so it constitutes direct financial execution capability.