api-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes using the gateway to call and read responses from 100+ third‑party APIs (for example Slack via https://gateway.maton.ai/slack/api..., WordPress.com, and web‑search/content extraction providers like Exa and Tavily), so the agent will fetch and interpret untrusted/user‑generated external content as part of its workflow, which could carry indirect prompt instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The gateway explicitly exposes native API endpoints for payment and finance services (e.g., Stripe, Square, QuickBooks, Xero, Chargebee) and advertising APIs (e.g., Google Ads, Snapchat Ads). It supports all HTTP methods (GET/POST/PUT/PATCH/DELETE) and examples show calling Stripe endpoints. Because it provides direct, authenticated access to payment processors and financial/accounting APIs (not just a generic browser or code runner), it can be used to create charges/refunds, manage customers/invoices, and modify ad accounts — i.e., perform direct financial execution.