corporate-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly requires ingesting and validating corporate-action announcements from external public sources (e.g., DTCC, Bloomberg, and SEC EDGAR) — see the "Announcement" section and "Step 1 — Pre-Event Validation" — and those third-party terms directly drive event setup and processing decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly about executing corporate-action workflows that move cash and securities: it prescribes collecting and submitting voluntary elections to DTC/custodians (references to PTOP/ATOP and DTC submissions), processing settlement (removing shares, crediting cash, cash-in-lieu), applying proration and tender submissions, and posting realized gains/losses. Those are specific, operational financial actions (submitting elections and effecting cash/share movements via depository/custodian systems), not generic tooling. Therefore it grants direct financial execution capability.