api-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill is an API gateway that explicitly makes runtime calls to arbitrary third‑party APIs (via https://gateway.maton.ai/{app}/{native-api-path} and the SKILL.md references/examples showing fetching Confluence pages, WordPress posts, Slack messages, GitHub repos, etc.), so it ingests untrusted, user-generated content that the agent is expected to read and that could materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an API gateway explicitly exposing native third-party APIs that include payment and finance providers (Stripe, Square, QuickBooks, Xero, WooCommerce) and ad platforms (Google Ads, Snapchat) in its supported services and examples. It provides direct passthrough to native endpoints (all HTTP methods supported) and shows a concrete Stripe example, meaning it can call payment endpoints (e.g., create charges, manage customers/subscriptions), update ad accounts/campaigns/budgets, and manage invoices/orders when an OAuth connection is authorized. Although the MATON_API_KEY alone does not grant access without user OAuth, the skill is explicitly designed to let the agent invoke financial/payment and ad-spend APIs directly once connections exist — i.e., it can send transactions or modify budgets. Therefore it meets the “Direct Financial Execution” criteria.