api-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md documents an API gateway that directly proxies and fetches data from many public third-party APIs (e.g., Slack, GitHub, WordPress, Confluence, Google Docs) and includes examples showing the agent calling GET/POST endpoints that return user-generated content (messages, posts, pages, comments) which the agent is expected to read and which could materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The gateway explicitly proxies native third-party APIs and lists payment and finance services (Stripe, Square, QuickBooks, Xero, Chargebee, WooCommerce, etc.) as supported apps. It includes examples and routing for calling native endpoints (e.g., Stripe endpoints) which can be used to create payments, manage customers, invoices, and other financial actions when authorized. Because it exposes specific payment/banking/finance provider APIs (not just a generic HTTP tool), it grants the ability to execute financial operations.