sf-integration

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests external OpenAPI/Swagger specs and WSDLs as part of its required workflow (see "External Services" / ExternalServiceRegistration in references/external-services-guide.md and the WSDL-to-Apex guidance in assets/soap/wsdl2apex-guide.md), meaning the agent is expected to parse/register arbitrary third-party API schemas that can change generated operations and subsequent callout/agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly describes generating External Services from OpenAPI specs and gives a concrete example calling ExternalService.Stripe with a createCustomer operation. Stripe is a payment gateway; the example shows a specific payment-provider API integration (createCustomer), and the skill includes Named Credential/External Credential templates and deployment patterns to authenticate and call such services. This is a specific, explicit capability to invoke payment-related APIs rather than a generic HTTP tool, so it qualifies as Direct Financial Execution authority.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 02:19 PM
Issues: 2