pikastream

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "Join a Meeting" API (SKILL.md) instructs the agent to connect to arbitrary Google Meet or Zoom URLs and act as a real-time AI avatar, meaning it will ingest and respond to live, untrusted meeting participant content (and may retrieve post-meeting notes URLs), which could carry instructions that influence the agent's behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes explicit billing/top-up APIs: a balance check, endpoints to list topup products, and a "Create Topup Checkout" POST that returns a checkout_url to complete payment. These are payment-specific operations (service credit top-ups) and thus constitute direct financial execution capability for topping up credits and initiating payment flows tied to the service's billing.