api-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references explicitly instruct the agent to call Maton proxied third‑party APIs (e.g., Slack, Brave Search, Firecrawl, Apify, GitHub, WordPress) to read/list messages, search results, scraped pages and other user-generated/public web content, which the agent is expected to ingest and could materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an API gateway that explicitly includes payment and finance providers (e.g., Stripe, Square, QuickBooks, Xero, Chargebee, Google Merchant, WooCommerce) and supports POST/PUT/PATCH/DELETE calls. Because it exposes native routes to payment/billing/accounting APIs and notes modifying billing/financial data as high-impact operations, it provides explicit capability to execute financial operations (create charges, update billing records, manage invoices, etc.). This meets the criteria for Direct Financial Execution.