api-fetcher-specific-domains

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to "Always check references" and links to external public API docs (e.g., https://www.testmuai.com/support/api-doc/?key=hyperexecute and the Selenium API URL) requiring the agent to read and act on third-party web documentation, so untrusted external content could influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes a "Payments (Stripe-style)" section with concrete payment gateway API details: base URL, auth using secret keys, and transaction-mutating endpoints such as POST /charges, POST /payment_intents, POST /payment_intents/{id}/confirm, POST /refunds, and subscription create/cancel endpoints. Those are specific payment-gateway operations that create charges, confirm payments, and issue refunds — i.e., directly move or reverse money. This matches the "Payment Gateways" criterion for Direct Financial Execution.