find-workers
Warn
Audited by Snyk on Apr 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md steps 3 and 4) explicitly requires calling the Instawork Partner MCP (setup.md: https://finch.instawork.com/mcp/partner/) to fetch partner-provided position templates and on-site instructions (user-supplied/untrusted) which the agent must read and act on to create bookings, so those third-party contents can materially influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exposes explicit payment-related APIs and booking-confirmation actions: it has getPaymentOptions (to list/select stored payment methods) and createBooking (which "create[s] and confirm[s] a booking with positions, shifts, pricing, payment, and roster details"). The workflow requires selecting a payment option (or silently using the sole option) and may confirm bookings that include payment — i.e., it is explicitly designed to perform payment-related operations, not merely generic browsing or HTTP calls. Therefore it grants direct financial execution capability.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata