vercel-workflow
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill's examples show ingesting external, untrusted content (e.g., createWebhook/paymentWorkflow, where the code awaits the webhook and calls request.json(), and step examples that call fetch() on arbitrary URLs), so the agent would read and interpret third-party payloads.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill documentation explicitly shows direct payment operations: examples reference chargePayment/refundPayment in workflows and, critically, include a concrete Stripe API call (stripe.charges.create) with idempotency keys. These are specific financial execution operations (payment gateway integration), not generic tooling, so the skill grants direct financial execution capability.