team-coordinator
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly assigns employees whose tasks include "web scraping" (小data), "intelligence gathering" (小research) and "social media" work (小market), and the coordinator workflow requires reading/auditing those employees' outputs to make decisions, so the skill clearly ingests untrusted public web/social media content that could influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
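- Direct money access detected (high risk: 1.00). This skill is a team coordinator, but its employee capability matrix explicitly lists 小quant, who can carry out "Polymarket trading, strategy execution, risk control", and 小finance, who is responsible for "trading profit and loss, asset reports, cost analysis, budgeting". "Polymarket trading / strategy execution" explicitly involves placing orders and trading (that is, market-order-type operations on funds), so it counts as a direct financial execution capability. Although no concrete payment gateway, wallet signing, or bank API call examples were seen, the explicitly listed trade execution capability already satisfies the "market orders / buying and selling assets" risk criterion.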
Audit Metadata