plaid-integration

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill serves an HTML page that loads and executes remote JavaScript at runtime from https://cdn.plaid.com/link/v2/stable/link-initialize.js (used to run the Plaid Link UI and perform token exchanges), which is a required runtime dependency that executes remote code in the client context.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Plaid integration for connecting bank accounts, obtaining access tokens, and syncing transactions. Plaid is a banking API (named in the rule list) and is specifically designed for financial data access and bank linking. Even though the examples focus on transaction syncing rather than explicit payment-sending, the skill provides direct access to banking credentials/tokens and is a dedicated financial API integration, so it meets the criteria for Direct Financial Execution authority.