techstack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to research and ingest open/public third‑party content — e.g., running GitHub searches ("gh search repos"), reviewing public repository links, and using web-scraping tools (Cheerio/Playwright/Firecrawl) against public sites — which requires the agent to read and interpret untrusted user-generated web content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly lists payment gateways under "APIs & Services" (Stripe, LemonSqueezy). The presence of named payment gateway integrations qualifies as a specific financial API/tool per the rules, so it is flagged even though the skill's primary purpose is tech-stack advice.