himalayas-employer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls public Himalayas MCP endpoints like search_talent and get_talent_profile (via https://mcp.himalayas.app/mcp) to ingest user-generated candidate bios, work histories, and social links and instructs the agent to read and base outreach/decisions on that content (e.g., personalizing messages), which exposes the agent to untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit payment gateway integrations (Stripe). Endpoints like create_company_job and purchase_job_extras return a Stripe checkout URL, post_job_public returns a Stripe checkout URL, and check_job_payment_status queries Stripe session status. These are specific, non-generic payment tools (Stripe) used to purchase job extras/payments, so the skill enables direct financial execution capability per the rule.