money-ops

Audited by Snyk on May 5, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required weekly workflow explicitly includes "Competitive scan — Monitor competitors" and SEO checks ("Check rankings, fix issues") which clearly imply fetching and interpreting public third-party web/social/search content as part of its automated operations, allowing that untrusted content to influence decisions and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes active controls over money-related operations: it references Stripe (payment processing checks), enforces spending limits and confirmation thresholds ("Spending >$100 in a single operation" requires confirmation), and describes autonomous ad management (ad monitoring, "pause losers", ad optimization, ad-spend alert thresholds and rules that pause or stop campaigns if budgets are exceeded). Those are concrete, non-generic finance-related capabilities — specifically the orchestration can modify ad campaigns and enforce/act on spend limits (i.e., manage ad spend), and it directly interacts with payment processing status (Stripe). These behaviors map to "Managing Ad Spend Budgets" and Payment Gateway-related functionality from the Core Rule, so this skill grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 5, 2026, 05:46 PM
  • Issues: 2