deploy-agent-team

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required spawn-prompt and agent-roster instructions (references/spawn-prompt-guide.md and references/agent-roster.md) explicitly tell researcher agents to invoke Skill(agent-browser) and bopen-tools:x-research and to WebFetch/scrape web pages and X/Twitter for research, which means the agents will fetch and interpret untrusted, user-generated third‑party web content that can influence their actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes payment gateway functionality: the agent roster contains a "payments" subagent described as "Stripe, billing, financial transactions", and the examples and TaskCreate calls explicitly reference implementing Stripe integration (webhooks, subscription creation, customer portal) and sharing Stripe webhook secrets. Those are specific, finance-focused integrations (Stripe/payment gateway) rather than generic tooling, so this skill enables direct financial execution-related operations.