mpp-dev-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md's "Before writing code" explicitly instructs fetching live docs from public third-party sites (https://paymentauth.org/, the IETF datatracker draft search, https://docs.stripe.com, and npmjs.com), which the agent is expected to read and could materially influence implementation decisions, creating an avenue for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and narrowly about payment authentication and handling. It references payment gateway integration (Stripe — including STRIPE_SECRET_KEY, Stripe docs, test mode keys and test card tokens), crypto/blockchain testing (Tempo testnet, WALLET_PRIVATE_KEY), payment receipts, amount handling, and secret management for keys used in payment verification. These are specific financial APIs/keys and crypto wallet references (not generic browser or HTTP tooling), so the skill is designed for direct financial operations and could enable transaction signing/verification or payment execution.