api-connector

Status: Warn

Audited by Snyk on Apr 6, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and parse content from third-party APIs (e.g., GET /users/anthropics/repos, GET /repos/{owner}/{repo}/pulls, social media APIs and webhook event payloads) and then use that untrusted, user-generated content to drive actions (starring repos, posting summaries to Slack, creating issues), so external content can influence tool use and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly integrates payment gateways and provides concrete, actionable APIs and examples for financial operations. It lists Stripe, PayPal, and Square under "Payments" with capabilities like "Payments, customers, subscriptions" and includes a concrete curl example to create a Stripe payment_intent. The Request Builder shows an interactive flow for creating Stripe payments (amount, currency, payment_intent), and the configuration stores secret keys (STRIPE_SECRET_KEY). Webhook and code-generation examples demonstrate handling payment events and taking follow-up actions (e.g., on payment_intent.succeeded). These are specific, primary functions to create/handle payments and thus constitute direct financial execution authority.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 11:48 PM
Issues: 2