api-integration-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes external, user-generated data — e.g., Slack API calls (conversations.list, chat.postMessage), Google Calendar events.list and realTimeSync, and incoming webhook payloads at /webhooks/stripe — so the agent reads and acts on untrusted third‑party content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes a Stripe integration with code to create and cancel subscriptions, handle payment_intent webhooks, and verify Stripe webhook signatures. Stripe is a payment gateway and the examples show sending payment-related API calls (creating subscriptions, returning payment intent client_secret, processing payment success). This is a specific, built-in financial integration (not just a generic HTTP client), so it grants direct financial execution capability.