corporate-actions
Warn
Audited by Snyk on Mar 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs validating announcements by fetching and cross-referencing open third-party sources—e.g., DTCC, Bloomberg/Refinitiv market feeds and issuer filings on SEC EDGAR (see "Announcement" and Step 1 — Pre-Event Validation)—which requires the agent to read and act on external public content that can materially influence processing decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is narrowly focused on securities corporate-action processing and explicitly describes submitting elections to depositories/custodians (e.g., "collecting and submitting voluntary action elections to DTC or custodians", "submit aggregated election ... to DTC via the PTOP system"), settlement steps ("Settlement and Payment — cash is credited, new shares are delivered, old shares are removed"), and system actions that modify account holdings and cash ("remove the ... position", "credit cash", "create new ... position", "credit cash-in-lieu", "calculate realized gain/loss"). These are specific, finance-domain execution operations that effect movement of cash and securities (not generic tooling). Therefore this skill grants direct financial execution capability.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata