varg-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required "Version Check" explicitly directs the agent to curl and parse a public GitHub raw URL (https://raw.githubusercontent.com/vargHQ/skills/main/varg-ai/SKILL.md) and the cloud-render/gateway workflows accept and fetch arbitrary http(s) URLs (image srcs, job responses) as part of normal operation, so the agent will fetch and interpret untrusted public third‑party content that can alter behavior (e.g., triggering updates or changing render/polling actions).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes a programmatic checkout/payment flow: it lists purchasable credit packages with prices and shows curl code that POSTs to https://app.varg.ai/api/billing/checkout using an access token and returns a Stripe checkout URL ("https://checkout.stripe.com/..."). This is a specific payment-gateway integration (Stripe) for purchasing credits, i.e., initiating financial transactions. It therefore grants direct financial execution capability.