generators

Warn

Audited by Snyk on Apr 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly includes a RemoteAnnouncementProvider that fetches announcements from a remote JSON endpoint (see announcement-banner SKILL.md and AnnouncementProvider.swift / RemoteAnnouncementProvider in the templates, e.g., fetching from "https://api.example.com/announcements"). Untrusted remote announcement data (deepLink/URL actions) is parsed and used to route actions in the app, so third-party content can directly influence runtime behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes explicit, provider-specific support for in-app purchase flows: a "paywall-generator" with StoreKit 2 implementation (product loading, purchasing, restoring) and "subscription-lifecycle" handling (Transaction.updates, billing retry, upgrade/downgrade). Those generators produce code that initiates and manages real monetary transactions (purchases/subscriptions) via StoreKit rather than being a generic tool. This is direct financial execution capability.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 20, 2026, 11:44 PM
Issues: 2