apideck-node

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and reference files explicitly show the SDK fetching and ingesting user-generated third-party content: apideck.fileStorage.files.download and files.list in references/file-storage-api.md, the Vault JS session/modal in references/vault-js.md, and webhook payload handling in references/webhook-api.md. That content originates in connectors such as Google Drive, ATS systems and social links, so it is authored by whoever wrote the file or triggered the event, not by the operator. The agent is expected to read and act on it, and text that embeds instructions can materially alter the agent's behavior (indirect prompt injection).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill includes a client-side CDN import, https://unpkg.com/@apideck/vault-js, that is fetched and executed at runtime, and the examples rely on that remote script to open the Vault modal. As written the URL names no version and carries no integrity hash, so whatever the CDN serves at request time runs in the browser as a runtime dependency; the skill's author controls neither the code nor when it changes.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for accounting and e-commerce integrations and exposes accounting resources such as invoices, bills and, notably, payments (apideck.accounting.* with CRUD operations). It documents creating, updating and deleting records, payment-related endpoints, pass-through parameters for connector-specific operations (e.g. serviceId "quickbooks" or "xero"), and Vault connection management for OAuth to downstream financial services. These are specific, finance-focused APIs, not generic browser or HTTP tooling, and they can initiate or manage payment-related operations through downstream connectors, so this qualifies as direct financial execution capability.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 08:40 PM