photon

Warn

Audited by Snyk on May 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's documentation and examples (SKILL.md and references/examples.md) explicitly show photons scraping and ingesting open web content and user-provided URLs — e.g., the "Web Scraping Pipeline" asks for a target URL and "discoverItems/scrapeItems" that fetch and parse arbitrary webpages, and the "Minimal Photon" example fetches from https://api.weather.com — meaning untrusted third-party content is read and used to drive decisions (summarize, confirm, send, label, or trigger follow-up actions).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill documentation explicitly mentions "photons wrapping APIs (Stripe, payments)". That is a specific reference to a payment gateway and payment operations, not just a generic HTTP or code-execution capability. Because it calls out Stripe/payments as a supported/anticipated integration, the skill can be used to implement direct financial actions (processing payments, calling payment APIs), which meets the "Direct Financial Execution" criteria.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 5, 2026, 06:42 AM
  • Issues: 2