integrations
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's documentation and code (SKILL.md and index.ts) explicitly allow adding arbitrary REST/webhook/websocket sources and subscribing to their incoming data (see "Add Custom Webhook Source" / "Add Custom REST Source" and "Using Data in Bots"), and those untrusted third-party payloads are used to drive actions (e.g., bot.execute), so external content could materially influence agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The integration docs are for trading infrastructure and explicitly show placing market orders via a trading bot API. Examples call await bot.execute({...}) with platforms like polymarket and kalshi and specify market, side, and size — i.e., API calls to execute trades. That is a specific financial-execution capability (market orders), not a generic data tool.