skillboss

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and api-integration.md explicitly instruct the agent to search, fetch, scrape, and parse arbitrary public URLs and services (e.g., "skb api call linkup/search", "skb api call firecrawl/scrape -b {'url':'...'}", parseDocument/extractFromDocument, and calculateMetadata examples that fetch props from remote URLs), and those ingested results are used in research/workflows and to drive model selection and downstream actions—so untrusted third‑party content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes payment gateway functionality: it lists "Accept payments: Stripe integration for subscriptions, one-time payments, e-commerce" and references a Stripe Connect command ("Add payments via Stripe Connect → skb stripe-connect") as part of workflows and deployment. These are specific payment APIs/tools (Stripe) capable of moving money, so this is direct financial execution capability.