connect-recommend

Warn

Audited by Snyk on Jun 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill’s runtime path can invoke the company-researcher subagent to fetch and read public web content from a user-provided URL/description (outsider-authored text), which the subagent then returns and the main agent ingests into its LLM context for mapping to the decision matrix.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is specifically focused on Stripe Connect integration and payment flows. It references Stripe-specific concepts and API-level actions (charge patterns: destination/separate/direct, application_fee_amount, transfer/reversal handling) and instructs scanning code for Connect-specific API calls and patterns such as transfers.create, payouts.create, connected_account/account_id/stripe_account, and application_fee_amount. The skill's primary purpose is to determine and manage how money moves (recommend charge patterns, decide who pays Stripe fees, assign negative-balance liability, perform payout operations) — i.e., it is designed for payment gateway configuration and operational control of financial flows. Therefore it meets the criteria for Direct Financial Execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 17, 2026, 10:02 PM
Issues: 2
Security Audit — snyk — connect-recommend