openai-responses

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly includes a Web Search built-in tool (e.g., "tools: [{ type: 'web_search' }]" in the "Built-in Tools (Server-Side)" and polymorphic outputs showing web_search_call with URLs/snippets), so the agent fetches and ingests open/public web content (untrusted third‑party content) and is expected to read/interpret it as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly documents MCP integrations with payment gateways. It includes concrete Stripe examples (server_label 'stripe', server_url 'https://mcp.stripe.com') and an example that creates a "$20 payment link" using an MCP Stripe server with an OAuth token. That is a specific, built-in pathway to perform payment actions (payment gateway operations), which grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 10:34 PM