emrah-skills

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill instructs the runtime to fetch and execute untrusted third‑party content (e.g., the Maestro installer via curl "https://get.maestro.mobile.dev" and CI steps that download/run install-maestro.sh), and also contains runtime flows that ingest external discovery/userinfo endpoints for OIDC (AuthSession.fetchDiscoveryAsync / fetch(discovery.userInfoEndpoint)), so untrusted web content is read and can materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instructs downloading and executing a remote installer script during CI/local setup (curl -fsSL "https://get.maestro.mobile.dev" -o install-maestro.sh && bash install-maestro.sh), which fetches and runs remote code as a required step for the Maestro E2E tooling, so I flag https://get.maestro.mobile.dev.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes explicit in-app purchase integration (expo-iap) and full purchase flow implementations: requestPurchase / onPurchaseSuccess handlers, finishTransaction, drainPendingTransactions, restorePurchases, SKUs/price handling, and a paywall screen that initiates purchases. Those are concrete APIs/functions to initiate and acknowledge real monetary transactions (move money via App Store / Play billing), so it grants direct financial execution capability.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 12:41 PM