security-specialist

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The legal-compliance-checker capability explicitly lists a "WebSearch" tool in references/studio-operations_legal-compliance-checker.md, which allows the agent to fetch and read open/public web content (potentially user-generated or arbitrary sites) as part of its workflow. Content fetched this way is untrusted input and can carry instructions aimed at the agent, which is the indirect prompt injection risk flagged here.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes a "Risk Manager" capability that is explicitly about portfolio risk, position limits, creating hedging strategies, calculating expected returns and "implementing stop-loss" (实施止损). Implementing stop-loss orders and creating hedges implies placing trading orders and managing market positions, which is a specific financial operation (market orders / trade execution). Under the core rule, this is a specifically designed financial tool rather than a generic capability, so it constitutes direct financial execution authority.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 09:50 PM