zalo-mini-app

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill documents APIs that directly open or display arbitrary external content (e.g., references/api-ui.md: openWebview(url), zaui-display.md: ImageViewer(images), and references/api-device.md: saveImageToGallery(imageUrl)). Because these calls accept any URL, the skill can ingest or display untrusted public URLs and user-provided content; if what is fetched from those URLs is later fed back into the agent's context, it becomes an indirect prompt injection channel.
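
The finding above is about APIs that accept any URL. The guard below is an added example, not code from the zalo-mini-app skill or from Zalo's SDK: it shows the check a practitioner would put in front of openWebview, ImageViewer and saveImageToGallery so that only https URLs on an explicit host allowlist reach the SDK. The allowlist contents, the `openWebview({ url })` call shape and the function names are assumptions for illustration; the SDK function is passed in as a parameter so the guard can be exercised without the real SDK.

```javascript
// Added example (not from the audited skill or from zmp-sdk): allowlist-based
// URL validation in front of content-loading SDK calls.
// ALLOWED_HOSTS is an assumed allowlist for illustration.
const ALLOWED_HOSTS = new Set(["example.com", "cdn.example.com"]);

// Classify a third-party URL before it is handed to any open/display API.
// Returns { ok: true, url } with the canonicalised URL, or { ok: false, reason }.
function classifyExternalUrl(raw, allowedHosts = ALLOWED_HOSTS) {
  let u;
  try {
    u = new URL(String(raw)); // WHATWG parser: canonicalises host and path
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  // Only https: rejects javascript:, data:, file:, http: and friends.
  if (u.protocol !== "https:") return { ok: false, reason: "scheme:" + u.protocol };
  // Reject userinfo: "https://example.com@evil.test/" has hostname evil.test.
  if (u.username || u.password) return { ok: false, reason: "userinfo" };
  // Exact host match after lowercasing and dropping a trailing dot;
  // suffix matching would let example.com.evil.test through.
  const host = u.hostname.toLowerCase().replace(/\.$/, "");
  if (!allowedHosts.has(host)) return { ok: false, reason: "host:" + host };
  return { ok: true, url: u.toString() };
}

// Wrapper for openWebview. `openWebview` is injected (assumed to take
// { url }) so the guard is testable without the SDK.
function openWebviewGuarded(raw, openWebview, allowedHosts = ALLOWED_HOSTS) {
  const verdict = classifyExternalUrl(raw, allowedHosts);
  if (!verdict.ok) return { opened: false, reason: verdict.reason };
  openWebview({ url: verdict.url });
  return { opened: true, url: verdict.url };
}

// Filter an image list (as handed to ImageViewer or saveImageToGallery)
// and keep the rejections so they can be logged rather than silently dropped.
function filterImageUrls(images, allowedHosts = ALLOWED_HOSTS) {
  const accepted = [];
  const rejected = [];
  for (const img of images) {
    const v = classifyExternalUrl(img, allowedHosts);
    if (v.ok) accepted.push(v.url);
    else rejected.push({ url: String(img), reason: v.reason });
  }
  return { accepted, rejected };
}

// Constructed sample input standing in for URLs returned by a third-party API.
const sampleImages = [
  "https://cdn.example.com/photo%201.png",
  "http://cdn.example.com/plain.png",
  "https://cdn.example.com.evil.test/x.png",
  "javascript:alert(1)",
];
console.log(filterImageUrls(sampleImages));
```

The allowlist deliberately uses exact host matching rather than a suffix or regex check, and it rejects URLs carrying userinfo, because both are the usual ways an allowlist is bypassed. Note that this guard only controls which hosts are loaded; content fetched from an allowed host is still untrusted data and should not be inserted into the agent's instructions.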

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes a "Checkout SDK for payments" and names "integrating payments" as a primary use. That indicates a built-in, specific payment integration (a payment gateway SDK) rather than a generic API or browser-automation capability, so the skill carries direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:35 PM