turbo-sdk

Audited by Snyk on Feb 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill clearly ingests untrusted third-party content: the SDK/CLI fetches external data (third-party pricing oracles via getFiatToAR/getFiatRates and remote payment/upload endpoints), allows arbitrary gateway/upload/payment URLs (--gateway/--upload-url/--payment-url), and processes user-supplied files/manifests via uploadFile/uploadFolder, so the agent would read/interpret external/user-generated content at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes a dedicated payment backend (turbo-payment-service) that explicitly implements payment processing functionality: Stripe integration for fiat payments, cryptocurrency payment flows, multi-blockchain support (Ethereum, Solana, Arweave), balance/transaction management, and API/back-end payment infrastructure. The docs repeatedly state "payment processing," "managing Turbo balances and cryptocurrency transactions," and "Stripe integration," which are specific financial execution capabilities (sending/processing payments, managing balances, and handling crypto transactions). The ecosystem also includes CLI tooling with EVM wallet authentication and infrastructure components supporting multi-signature blockchain operations, further indicating explicit support for signing/sending blockchain transactions. These are not generic tools — they are purpose-built to move and manage money.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 04:48 PM