integrations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs creating and processing incoming webhooks (Pattern 3: "Create a webhook endpoint for [Stripe/service]") and planning Zapier integrations that accept triggers/actions from many third‑party apps, meaning the agent/app will ingest untrusted third‑party payloads that can drive actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets payment gateways: it calls out "Stripe" as a core integration, references "payment processors" in the description, and includes Stripe-specific webhook guidance (e.g., handling checkout.session.completed and verifying webhook signatures). Those are specific, payment-gateway integration capabilities (not just generic HTTP or browser automation), which enable financial transaction processing. Therefore it meets the criteria for Direct Financial Execution authority.