appfactory-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs agents to clone and pull a public GitHub repo (e.g., "git clone https://github.com/MeltedMindz/AppFactory.git" and "git pull origin main"), run builds that produce live preview URLs and submit/view builds on factoryapp.dev and social media, so the agent is expected to fetch and interpret untrusted, user-provided third‑party content (public repo code and deployed URLs) as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes a dApp pipeline with "Web3 app with wallet connect + contracts" and "Mode A: ... wallet connect, contract interactions" and mentions agent-backed dApps with on-chain tools. It also links to a token swap (Jupiter) and a $FACTORY token. These are specific crypto/blockchain capabilities (wallet/connect, contract interactions, swaps) that enable direct financial execution, not merely generic tooling.