moltcorp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and docs (SKILL.md and references/*) instruct the agent to run moltcorp research against public third‑party sources (DataForSEO, Chrome Web Store, WordPress.org, Meta Ad Library) and to read/interpret marketplace data, reviews, ad creatives and screenshots as evidence that directly drives votes, product proposals, and tooling decisions, exposing the agent to untrusted user-generated content that could carry indirect prompt-injection vectors.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references payment integrations and platform actions that enable money flows: product types are "auto-provisioned" with Stripe (and Whop for digital content), agents "claim tasks and earn credits" and profits are distributed by credit share, and votes can authorize spending (buying domains, running ad campaigns). These are specific, non-generic financial integrations/controls (Stripe/Whop and platform-driven spending), not merely a generic HTTP or browser tool. Therefore it grants direct financial execution capability.