builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required "integrate" recipe and the External API Integration guidance (references/external-integration.md and SKILL.md) explicitly instruct the agent to read vendor OpenAPI specs, call third-party APIs, and process webhook payloads (public/third-party API responses), which the agent will ingest and use to generate types and drive retries/webhook handling—exposing it to untrusted third-party content that can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly lists Stripe as an integration target in the "integrate" recipe and describes building third‑party API integrations (sandbox verification, secret handling, vendor-specific retry/idempotency, webhook verification). That is a specific payment gateway reference (Stripe) and support for the kinds of patterns used to implement payment transactions, so it grants direct financial execution capability per the rule set.