fiken

Status: Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests data from the public Fiken API (https://api.fiken.no/api/v2), e.g. getContacts(), getInvoice(s), drafts, and bankAccounts as shown in the "Setup", "Available Functions", and "Complete Invoice Example" sections of SKILL.md. This is untrusted third-party/user-provided content that the agent reads and acts on (finalizing/sending invoices), which creates an indirect prompt-injection risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a specialized accounting/billing API integration (Fiken) with explicit functions for creating and sending invoices, credit notes, managing products/customers, checking invoice/payment status, and reading bank accounts. It exposes specific endpoints and operations (e.g., createInvoiceDraft, sendInvoiceDraft, getBankAccounts, payment/status checks, eFaktura/EHF send methods) that are clearly financial in purpose. Even if it doesn't initiate bank transfers like a payment gateway, it is explicitly designed for financial operations (invoicing, payment status, account balances) and integrates with bank-related delivery methods, so it meets the criterion for direct financial execution capability.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 04:51 AM