background-job-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes worker code that downloads and processes arbitrary file URLs supplied in job data (see "Pattern 8: Conditional Job Execution" with downloadFile(fileUrl)), which clearly ingests untrusted third-party content the agent would read/interpret at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes an explicit payment-processing example: an idempotent "charge-payment" job whose worker calls stripe.charges.create(...) to process payments. This is a specific integration with a payment gateway (Stripe), i.e., a tool expressly designed to move money.