convex-actions-scheduling

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill repeatedly performs fetch calls to external, public APIs (e.g., fetch("https://api.example.com/process"), SendGrid, Stripe, Pushover examples) and cron jobs labeled "sync external data" that read response.json() and ingest those responses into the workflow, which clearly consumes third-party content that the agent must read and interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes code to call payment APIs and perform charges: examples show POST requests to Stripe endpoints (https://api.stripe.com/v1/charges and /v1/subscriptions) using STRIPE_SECRET_KEY, creating subscriptions, cancelling subscriptions, and orchestrating payment flows (processPayment, charge scheduling, idempotency handling). These are specific payment gateway integrations that enable sending transactions/charging customers, so the skill grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 09:03 PM