background-job-orchestrator

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's documentation (references/bullmq-patterns.md, "Pattern 8: Conditional Job Execution") shows workers downloading and processing arbitrary file URLs taken from job.data via downloadFile(fileUrl). This ingests untrusted third-party content that can alter the workflow (skip processing or enqueue follow-up jobs) and thus could enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes an explicit payment-processing example: an idempotent "charge-payment" job whose worker calls stripe.charges.create(...) to process payments. This is a specific integration with a payment gateway (Stripe), i.e., a tool expressly designed to move money.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 08:55 PM