mpp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and ingest external, untrusted content (e.g., the client polyfill that auto-handles fetch calls, PaymentTransport/httpx client examples, Proxy.create with openai routes, and SSE parsing via Session.Sse.iterateData for upstream LLMs/OpenRouter), so the agent will read and act on third‑party web/API/stream data that could contain indirect prompt-injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payments SDK/protocol. It provides concrete payment rails and APIs (Tempo stablecoins, Stripe cards, Lightning Bitcoin, card network tokens), SDK functions like charge(), session(), verify/settle, session/channel management, and examples that perform on-chain transactions, open/close channels, and accept/charge funds. It includes tooling to create accounts, manage private keys, and configure Stripe clients—i.e., explicit capabilities to move and settle money. This meets the "direct financial execution" criteria.