pylon

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs the agent to fetch an external docs index at runtime (e.g., https://pylonsync.com/llms.txt) as the required "source of truth" to drive answers, meaning remote content would directly control the agent's prompts/responses.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly lists a built-in "stripe" integration under Plugins/Integrations. That is a specific payment gateway integration (not a generic HTTP tool), and the platform's action handlers can call external APIs (and use env secrets / CLI-managed secrets), which together enable direct payment operations when configured. This matches the "Payment Gateways (Stripe...)" criterion for Direct Financial Execution.