api-gateway

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill (SKILL.md) explicitly proxies and fetches data from many open third-party services (e.g., Slack, GitHub, WordPress, Confluence) via https://gateway.maton.ai and https://ctrl.maton.ai, so the agent will ingest untrusted/user-generated content from public APIs as part of its normal workflow, and that content could contain instructions influencing subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The gateway explicitly proxies to third-party APIs that include payment and finance services (e.g., Stripe, Square, QuickBooks, Xero, Google Ads/Google Merchant, WooCommerce). It allows calling native API endpoints with managed OAuth and examples show Stripe usage. Because it exposes specific payment/financial APIs (not just a generic HTTP tool) and can be used to send payment/transaction calls when a user has authorized the connection, it grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 10:13 PM