agent-production-validator
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill issues real HTTP requests and ingests responses from external services and application endpoints (e.g., APIClient against process.env.API_BASE_URL, calls to /api/users and $health, and real external APIs like Stripe) and then reads and asserts on those responses as part of its validation workflow, exposing the agent to untrusted third-party content.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes integration tests for a payment gateway: it constructs a PaymentService with process.env.STRIPE_TEST_KEY and baseUrl pointing to the Stripe API and calls createPaymentIntent (checking for pi_... and payment status). This is a specific, concrete payment API integration (Stripe) capable of creating payment transactions — matching the Payment Gateways criterion for Direct Financial Execution.