backend-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The Feishu integration skill (references/domains/feishu-integration-developer/SKILL.md) explicitly registers webhook handlers that parse and act on incoming user-generated message content (e.g., the im.message.receive_v1 handler that JSON-parses message.content and calls handleBotCommand, plus card action callbacks that call processApproval), so the agent consumes untrusted third-party messages and takes follow-up actions based on their contents.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill bundle explicitly includes a "solidity-smart-contract-engineer" subskill described as an expert in EVM smart contract architecture and "DeFi protocol development." That is a domain specifically focused on blockchain-based financial operations (on-chain asset transfers, DeFi protocols, etc.), which falls under the listed crypto/blockchain category (wallets/swaps/signing/DeFi). Therefore the skill set is specifically designed to enable financial operations rather than being a generic dev tool. Other subskills (backend, Feishu integration, firmware) are non-financial, but the presence of the Solidity/DeFi specialist triggers Direct Financial Execution risk.