convex-pro-max

Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's documentation (references/functions-deep.md and SKILL.md) includes actions that fetch arbitrary external URLs: for example, the downloadAndStore action calls fetch(args.url), and resilientFetch fetches a URL and parses response.json. The agent is therefore instructed to ingest and act on untrusted third-party content, which can materially influence subsequent mutations and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes an explicit example of an action named processPayment that performs a POST to "https://api.stripe.com/..." to process a payment and then updates the order status. This is a specific payment-gateway integration (Stripe), which is precisely the kind of direct financial execution capability the rules call out. Although the skill is a general Convex backend guide, the presence of a concrete Stripe payment example (sending a transaction to a payment API) meets the criteria for Direct Financial Execution.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 05:16 AM