skills-il-skill-creator
Warn
Audited by Snyk on Apr 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly tells the agent to search and verify public web sources (e.g., "Search official Israeli government sources (gov.il...)" in Step 4) and to fetch/check URLs with curl in Step 9.5, so it will ingest and act on third‑party web content that can influence its decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly references bank integrations and an "israeli-bank-mcp" server and describes MCP tool calls for fetching transactions and interacting with bank API patterns (Example 3, Step descriptions). These are concrete, finance-specific APIs and servers rather than generic tooling: the skill includes banking API functionality that can access financial data, and so meets the "Banking APIs" criterion for Direct Financial Execution risk.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).