transparent-proxy-maintenance

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md mandates sending real requests and reading responses from external/public domains as part of required workflows (e.g., "Smoke test against a real endpoint on that domain via proxy" and references to public domains like api.fal.ai, twitterapi.io, and example.com), so untrusted third-party responses are ingested and can materially influence billing, parsing, and follow-up actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly contains payment-gating logic and Stripe-specific handling (section "Stripe upgrade payment-gating" mentions invoice.paid webhooks and payment_intent_status values like requires_action/requires_payment_method), and the overall skill is centered on pricing, charging, billing headers (X-Credits-Used/X-Credits-Balance), verifying DB charges, and defining pricing/charge models. These are specific, explicit financial/payment integration behaviors (Stripe/payment intents and invoicing), not generic tooling, so it grants direct financial execution authority.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 12, 2026, 01:04 AM
Issues: 2