xapi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and accompanying guides (e.g., guides/google_search.md, guides/twitter.md, guides/reddit.md) show the agent calls and ingests live content from public social networks and web search (Twitter/X, Reddit, Weibo, TikTok/Douyin, web.search) and explicitly uses those results to summarize or drive follow-up actions (e.g., generate/post tweets), which exposes the agent to untrusted third-party content that could enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit payment functionality: the account management section exposes a "topup" command with a --method stripe option (and other methods) to add funds ("npx xapi-to topup --method stripe --amount 10"). This is a specific integration with a payment gateway (Stripe) for executing payments, not a generic API caller or browser automation. Therefore it grants direct financial execution capability.