expo-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflows explicitly include runtime fetching and consuming public web content—e.g., FileSystem.downloadFileAsync / fetch examples that download arbitrary URLs and the Apple Handoff guide requiring the OS to fetch the public /.well-known/apple-app-site-association file—so untrusted third‑party files/URLs can be ingested and materially affect routing or app behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly documents Stripe payment integration and lists payment-specific APIs (initStripe, PaymentSheet). Stripe is a payment gateway, and those APIs are specifically intended to initiate and handle payments — i.e., move money. This is a specific financial execution capability (not a generic tool), so it meets the Direct Financial Execution criteria.