project-blueprint
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly runs "npx vibery list" and "npx vibery search" to fetch the auto-updated Vibery ecosystem templates and selections at runtime, which are external, potentially user-contributed registry content that the agent is expected to read and use to choose components.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The blueprint skill explicitly references payment-specific components (e.g., "stripe-pro" as an Agent and commerce MCPs like "shopify" / "woocommerce") and recommends installing/configuring MCPs/agents that integrate with payment platforms. These are specific payment gateway integrations (Stripe, Shopify) rather than generic tooling, and the skill includes MCP setup instructions (env vars, auth tokens). That meets the "specific tools/APIs for Payment Gateways" criterion for direct financial execution capability.