influencer-matrix

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's pipeline and vetting workflow explicitly require reading and evaluating public user-generated content (e.g., "Review recent content (last 20 posts)" and "Discovery Sources: Xiaohongshu search, Explore page, comment sections, UGC discovery" in Step 2), so the agent would ingest and act on untrusted third-party social/web content that can influence decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes payment-processing and payment-automation features (e.g., "Payment processing" as an IRM platform feature and "Payment Automation: Content posted → Auto-verify deliverables → Auto-trigger payment (3 days after posting) → Auto-send payment confirmation"). Those are explicit functions to trigger payments (direct financial execution) rather than merely generic API callers or browser automation.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 11:41 AM