aegis-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and processes external URLs and document content (e.g., the PIX schema in references/pix and examples that include link/pdfUrl fields "Para scraping PDFs e boletos") and uses that scraped/ingested third‑party content to create/validate PIX/boleto transactions and drive processing logic, so untrusted public content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets financial operations: it includes PIX and boleto payment implementations (interface definitions, an /api/v1/pix/transfer pattern), a PIX transaction validator script, a boleto payment workflow, and server-side procedures (tRPC createTransaction mutation) that create/handle transactions. It also exposes voice commands for initiating transfers ("Faz uma transferência para...") and testing tools for PIX transaction flows. These are specific payment execution patterns (PIX/boletos) rather than generic tooling, so it grants direct financial execution capability.