Claude SDK Expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly provides and uses WebFetch/WebSearch (and the research_agent pattern that "searches → fetches articles → summarizes → synthesizes") and allows MCP connections to external services like GitHub, so the agent will fetch and read untrusted public web pages and user-generated content as part of its workflow, enabling indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references payment integration and payment-processing tools: Stripe is listed among "Example MCP Servers" (a direct payment gateway), and an integration test example expects a "process_payment" tool call. Those are specific, named financial APIs/functions (payment gateway and payment processing) rather than generic tooling, so the skill enables direct financial execution capability.