api-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents a passthrough gateway that fetches content from many third-party APIs (e.g., brave-search, apify, firecrawl, wordpress, github, slack and others listed under "Supported Services" and used in examples), meaning the agent will ingest open/public or user-generated data from those external sources as part of normal workflows and that data could materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an API gateway that proxies native third-party APIs (with managed OAuth) and explicitly lists payment and finance services (e.g., Stripe, Square, QuickBooks, Xero) as supported apps. It supports all HTTP methods (GET, POST, PUT, PATCH, DELETE), injects OAuth tokens for the connected service, and includes a Stripe example. That combination enables direct calls to payment endpoints (creating charges/refunds, managing customers, subscriptions), bookkeeping/invoice endpoints, and ad APIs (Google Ads) that can modify budgets. These are specific, purpose-built integrations for financial operations rather than generic tooling, so it grants direct financial execution capability.