treasury-administrator
Warn
Audited by Snyk on Feb 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web scans and intelligence gathering from open/public third-party sites—e.g., "09:00 - EU Funding Portal Scan" (EU Innovation Fund, Digital Europe Programme, Horizon Europe) and uses Perplexity for "internet intelligence gathering"—so the agent will fetch and read open web content that could be untrusted or user-provided.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to manage and execute real financial operations. It references payment gateways and flows (Stripe webhook, bank wires), real bank accounts, crypto wallets and DeFi positions, and describes execution actions (execute allocations, deduct from pools, perform blockchain transactions, process EU grant wire transfers). Those are direct financial execution capabilities (moving money, signing/processing transactions), not generic tooling. Therefore it meets the "Direct Financial Execution" criteria.