side-hustle-maker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's research sub-agents explicitly use WebSearch/WebFetch to scan public sites and community forums (e.g., Reddit, Product Hunt, Indie Hackers and arbitrary web URLs) and synthesize those user-generated, untrusted third-party contents into its outputs, exposing the agent to indirect prompt-injection risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly requires integrating and configuring a billing system (Outseta) and includes steps like "Payments setup (specific Outseta steps)", "Outseta integration", and uses Outseta as part of the enforced tech stack ("Auth, billing, CRM"). This is a specific payment/billing tool rather than a generic capability, and the prompts direct the agent to perform payment setup and monetization actions. Under the decision logic (flag when the tool's primary/explicit definition is to move/manage payments), this qualifies as Direct Financial Execution authority.