recoup-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs and workflows explicitly instruct the agent to call Recoup API endpoints that ingest public web and social content (e.g., "Research (Chartmetric + Web)" including "Web: enrich, extract URL, deep research, web search" and "Social Media — get social posts... comments... Twitter/X" and even require fetching workflow guide pages from https://developers.recoupable.com before issuing requests), meaning the agent will read untrusted user-generated third‑party content that can influence subsequent API calls and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching runtime documentation and workflow guides from https://developers.recoupable.com (e.g., /llms-full.txt and /workflows/create-artist) before making requests, so remote content directly controls the agent's instruction flow and is a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill's API surface explicitly includes subscription and payment functionality — notably "Subscriptions — get subscriptions, create Stripe checkout session". Creating a Stripe checkout session is a payment-gateway operation (directly tied to moving money/starting payments), which meets the definition of Direct Financial Execution.