eventmodeling-translating-external-events
Warn
Audited by Snyk on Apr 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly ingests and interprets external webhooks/APIs (e.g., "Identify External Event Sources" and examples for Stripe webhooks and Google Maps geofence, plus "API Polling (Scheduled Fetch)"), meaning the agent reads untrusted third-party payloads and uses them to drive translation logic and downstream actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes payment-gateway-specific content (Stripe examples: charge.succeeded, charge.refunded, charge.dispute.created), maps those external payment events to domain payment events (PaymentAuthorized), and prescribes correlation and handling patterns for payment flows (storing charge IDs, initiating payments, reconciliation). This is not mere generic webhook or browser automation content — it is specifically about handling payment gateway events and therefore touches financial execution/operations. Flag as risky for Direct Financial Execution authority.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).