organizze

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md and references/api_reference.md explicitly show runtime code that fetches and parses data from the external Organizze API (https://api.organizze.com.br/rest/v2) — i.e., user-generated financial transactions and invoices — which the agent is expected to read and that data can influence follow-up actions (e.g., checking dues, creating/updating transactions), creating a pathway for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a personal-finance API client (Organizze) and exposes endpoints to create and modify financial records: POST /transactions (create expenses/income/installments/recurring transactions), POST /transfers (create transfers between accounts), PUT/DELETE for transactions/transfers, and endpoints around invoices/credit-card payments. These are specific, purpose-built financial operations (including creating transfers and transactions), authenticated via API keys — not generic tooling. Therefore it grants direct financial execution capability.