cartridge-paymaster

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation explicitly directs using "slot paymaster policy add-from-preset" with presets "maintained at https://github.com/cartridge-gg/presets/tree/main/configs", which indicates the tool will fetch and ingest public GitHub-hosted, user-maintained presets (untrusted third-party content) that directly determine paymaster policies and therefore can influence runtime behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto/blockchain financial tool: it manages "paymasters" that sponsor transaction fees, lets users create paymasters with a budget (deducted from a team's credit balance), increase/decrease budgets, transfer paymasters between teams, and view transaction history and fees. These are specific financial execution actions (sponsoring on‑chain gas, managing credits/budgets), not generic tooling, so it meets the "Direct Financial Execution" criteria.