aspnet-health-checks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow includes registering and calling external health endpoints (e.g., AddUrlGroup(new Uri("https://api.partner.com/health")) and readiness checks in the MapHealthChecks("/healthz/ready") flow), so at runtime it fetches and interprets third-party HTTP responses which can directly affect readiness/behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references a payment gateway API: a custom health check type StripeHealthCheck using IStripeClient and AccountService.GetSelfAsync (Stripe SDK). Even though the overall skill is for health checks, it contains a specific integration with Stripe (a payment gateway), which matches the listed criteria for Direct Financial Execution tools.