mpp-charge-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md's "Before writing code" explicitly instructs fetching live docs from public sites (https://www.npmjs.com/package/mppx, https://paymentauth.org/, web-search on github.com, and https://docs.stripe.com/), which are untrusted third‑party sources the agent is expected to read and whose content can change implementation decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to implement one-time payment/charge flows. It references concrete payment integrations and tooling (mppx charge middleware, Stripe docs and Stripe MPP integration, on-chain transactions/Tempo/Lightning, payment intent spec), shows code that invokes mppx.charge({ amount: ... }) to require settlement before access, and describes generation/fulfillment/verification of payment proofs and receipts. These are direct financial execution capabilities (sending/confirming charges, integrating payment gateways and on-chain payments) rather than generic functionality, so it meets the "Direct Financial Execution" criteria.