gemini-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes MCP servers that perform external HTTP requests and return their responses to the agent (see api-mcp-server.js using axios with BASE_URL and examples configuring Stripe and other external APIs), so the agent will fetch and interpret untrusted third-party API content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly shows integration examples for a Stripe MCP server (gemini mcp add --name "stripe" ... STRIPE_KEY) and contains YOLO automation examples that perform payment actions: "Create a new customer and subscription using Stripe with full setup" and "Process payment via Stripe MCP". Those examples and the Stripe-specific configuration are specific payment-gateway capabilities (not merely a generic API caller) and directly describe sending/processing payments. Therefore it grants direct financial execution authority.