fintech-engineer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and ingests user/third-party data from Plaid (getTransactions / transactionsGet) and processes Stripe webhook payloads (/webhook/stripe), and that untrusted content is read and used to drive decisions and actions (transaction flagging, payment/refund/subscription handling), so metadata/descriptions from those sources could indirectly influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates payment and banking APIs and includes code that creates payments, refunds, charges, transfers, and exchanges bank linking tokens. Examples: Stripe usage (stripe.paymentIntents.create, stripe.refunds.create, stripe.charges.create, stripe.transfers.create, subscription and Connect patterns, webhook handling) and Plaid flows (link token creation, public token exchange, transactions fetch). These are concrete, purpose-built financial operations (sending charges/refunds/transfers and exchanging bank access tokens) — i.e., direct capability to move or control funds.