dev

Warn

Audited by Snyk on May 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly supports exposing the dev server publicly (SKILL.md "Modes" — --funnel is "public on the internet") and scripts/boot.sh will open an agent-browser session at that baseUrl (AGENT_BROWSER_SESSION ... agent-browser open), and /ork:expect drives agent-browser against , meaning the agent will fetch and interpret externally-hosted page content as part of its workflow, so public/untrusted content could influence subsequent tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a dev-loop boot tool, but its state and boot sequence explicitly reference API emulators and show "stripe" in the emulators list (and step 3 runs "emulate --seed " when an emulate.config.yaml exists). That indicates the skill can specifically spin up a Stripe (payment gateway) emulator as part of its runtime. Because Stripe is a payment gateway (a specific financial integration), this meets the "specific tools/APIs for Payment Gateways" criterion.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 4, 2026, 05:09 PM
Issues: 2