netsuite-ai-connector-instructions
Fail
Audited by Snyk on May 2, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The skill explicitly demands "Show your reasoning throughout the process" and "Apply every rule ... — no exceptions" (and "Execute immediately"), which attempts to override system-level constraints and elicit internal chain-of-thought/internal deliberation—instructions outside the skill's legitimate scope and conflicting with its own SafeWords.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly built for NetSuite financial operations and exposes record-level create/update actions and transaction record types. It names and mandates use of ns_createRecord / ns_updateRecord and enumerates financial transaction recordtypes (Customer Payment, Bank Deposit, Bank Transfer, Vendor Bill, Payment, Journal Entry, etc.). It also includes URL patterns and rules for Payments and other transaction entities and enforces behavior around creating records (externalId UUIDv4, confirmation rules). Although it includes safety checks requiring user confirmation, the connector clearly provides specific, purpose-built capabilities to create and modify financial transactions (i.e., send/record payments, bank transfers, deposits), which is a form of direct financial execution authority within an ERP. This matches the "Send Transaction" / banking-related category in the core rule, so it should be flagged.
Issues (2)
E004 (CRITICAL): Prompt injection detected in skill instructions.
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).