plaid-integration

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The HTML served at runtime includes and executes the remote Plaid Link SDK script (https://cdn.plaid.com/link/v2/stable/link-initialize.js), which is fetched during runtime and is a required dependency that runs remote code in the client, so it meets the flagging criteria.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Plaid integration for connecting bank accounts, obtaining access tokens, and syncing transactions. Plaid is a banking API (named in the rule list) and is specifically designed for financial data access and bank linking. Even though the examples focus on transaction syncing rather than explicit payment-sending, the skill provides direct access to banking credentials/tokens and is a dedicated financial API integration, so it meets the criteria for Direct Financial Execution authority.