struere-developer

Warn

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "fetch the relevant documentation first" (listing public docs URLs) and documents that custom tool fetch is unrestricted and that struere.web.fetch() can fetch/convert arbitrary web pages (HTML/markdown), meaning the agent will ingest open/public third-party content that could contain untrusted instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The guide explicitly references payment integrations and built-in payment operations: it lists a "Flow Payments integration" in the integrations routing table, states built-in tools support "calendar or payment operations", and example agents/routers include a "billing-agent" that "Handles invoices, payments, and billing questions". It also instructs adding an integration's tools to an agent's tool list (e.g., Payments). These are specific, platform-level payment capabilities (not merely generic browser or HTTP tools), so the skill enables direct financial execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 7, 2026, 11:50 PM
Issues: 2