rstack-ideate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses live operator examples from https://resolved.sh/llms.txt (per SKILL.md) and uses that untrusted, potentially user-generated content to populate "Operator setup" and "Buyer surface" fields that directly influence recommended actions, so it can enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit, payment-focused API endpoints and wallet/payout operations. It specifies a Tip Jar endpoint that sends USDC (POST /{subdomain}/tip?amount_usdc=1.00) and a payout setup call (POST /account/payout-address), and references setting up a wallet/payout in bootstrap. These are specific financial-execution APIs (sending funds / configuring payout addresses), not generic utilities, so it grants direct financial execution authority.