fast-io

Warn

Audited by Snyk on Mar 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly supports importing and fetching arbitrary HTTP/HTTPS URLs (see "URL Import" / upload action web-import) and public quickshare downloads, and then uses those imported, user-provided files as AI chat context (ai chat_with_files, files_attach or RAG) — meaning untrusted third-party content is fetched and read at runtime and can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill documentation explicitly includes billing and subscription management integrated with Stripe (mentions "Billing and subscriptions managed through Stripe integration" and actions like org -> billing-create, billing-activate, billing-reset, billing-details, billing-plans, billing-meters). Those are specific payment/billing operations (including creating Stripe Setup Intents and managing subscriptions), which qualify as Payment Gateway / billing capabilities rather than generic tooling. Therefore it exposes direct financial execution authority.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 05:31 AM
Issues: 2