routing
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md TypeScript API and Built-in Agents explicitly configure the "research" agent with allowedTools like "web-search", "web-fetch", and "news" (see the Create Routing Service and Built-in Agents sections), which clearly permits ingesting open/public third-party content that the agent is expected to read and that could influence its decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes agents and tools for executing financial actions. It defines a "trading" agent with descriptions like "Order execution specialist" and "You execute trades efficiently...", sample routing of a trade message ("Buy 100 shares..."), and allowed tools named execute, portfolio, markets, and futures (execution/market-order functionality). It also includes crypto-specific tools/categories (solana, evm, bridge) and a "DeFi Specialist" agent configured for swaps/DEX/bridges. Those are specific financial execution capabilities (market orders and crypto wallet/bridge operations), not generic tooling, so this grants direct financial execution authority.