apideck-python

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows runtime use of the apideck-unify SDK to fetch data from downstream third-party connectors (e.g., apideck.crm.contacts.list(service_id="salesforce"), apideck.accounting.invoices.list(service_id="quickbooks"), apideck.file_storage.*), meaning the agent ingests user/third-party content from external services as part of its workflow and that content could influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an SDK specifically built to integrate with accounting, e‑commerce, and related services (e.g., QuickBooks, Xero) and exposes accounting-related namespaces and resources such as invoices, bills, and payments. It documents CRUD operations, pass-through connector operations, and a dedicated apideck.accounting.* namespace (including "payments"), which are explicit financial operations and can be used to create/modify payment and billing transactions via downstream connectors. Because the skill is specifically designed to interact with finance/payment systems (not just generic HTTP or browser automation), it grants direct financial execution capability.