passkit
Warn
Audited by Snyk on Mar 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's Wallet Passes documentation (SKILL.md and references/wallet-passes.md) explicitly describes loading and parsing .pkpass bundles and calling arbitrary pass issuers' webServiceURL / GET /v1/passes to fetch updated passes, so the agent/app will fetch and act on untrusted third‑party content that can affect payment/pass behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about integrating Apple Pay / PassKit to accept payments and manage Wallet passes. It contains concrete payment APIs and flows for creating PKPaymentRequest, presenting PKPaymentAuthorizationController, handling PKPayment authorization, merchant IDs, payment processing certificates, and instructs sending payment.token.paymentData to a payment processor. This is a purpose-built payment integration (Apple Pay payment gateway), i.e., a specific tool to move money.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).