mpp-server-middleware

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "Fetch live docs" from public sources (e.g., https://www.npmjs.com/package/mppx, web-search results, public GitHub repos, and https://docs.stripe.com/payments/machine/mpp), so the agent would ingest and act on untrusted third-party content as part of its required workflow, enabling indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payments middleware: it defines mppx.charge and mppx.session for charging requests, configures payment methods (examples include stripe.charge and tempo.charge), requires secret keys, handles amounts in minor units, verifies proofs of payment (on‑chain/SPI), and references Stripe's MPP docs. These are specific, purpose-built integrations to accept and verify payments (i.e., move money) rather than generic tooling. This matches the "Payment Gateways / Crypto/Blockchain / send transaction" criteria for Direct Financial Execution.