israeli-freelancer-ops

Warn

Audited by Snyk on Apr 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Step 3 and references/utility-portals.md require the agent to browse and log in to third‑party utility and municipal portals (e.g., iec.co.il, bezeq.co.il, partner.co.il, municipality portals) and to download and parse PDF bills and invoices. The payment details and due dates extracted from them then drive reminders and follow-up actions, which exposes the agent to untrusted third‑party content that can materially change its behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a financial-operations tool for freelancers (invoice aging, VAT filing, threshold monitoring, accountant packages) and it references a specific banking integration: "use israeli-bank-connector for pulling bank transaction data (if available)". Referencing a named bank connector/direct bank integration qualifies under "Banking APIs" in the Core Rule. Although browser automation and bill downloads are generic (ignored), the presence of a dedicated bank-connector API for pulling transaction data makes this a specific financial integration.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 26, 2026, 06:24 AM
Issues: 2