vendor-onboarding-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly requires ingesting and acting on external public third-party content—e.g., "Pull Dun & Bradstreet report" and "screen ... OFAC SDN List" in Phase 3 and other steps—so the agent reads and bases onboarding decisions on untrusted public sources that could carry indirect prompt-injection content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references and integrates financial-specific APIs and processes: IRS TIN Matching via e-Services, bank account ownership validation including real-time validation via third-party banking services (Plaid, Early Warning, ValidiFI), ACH prenotification and micro-deposit verification, and ERP payment method configuration/activation tied to payment processing. These are specific banking/payment integrations (not generic browser or HTTP tools) that enable or directly support financial transactions and payment readiness. Therefore it meets the criteria for direct financial execution capability.