zafer-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires loading a public onboarding video from "https://commondatastorage.googleapis.com/gtv-videos-bucket/sample/BigBuckBunny.mp4" and mandates integrating AdMob via react-native-google-mobile-ads (banner ads), both of which cause the app to fetch and display untrusted third‑party content at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates an in-app purchases/paywall flow using RevenueCat (react-native-purchases). It mandates a paywall screen, subscription options with prices, use of RevenueCat package identifiers, a purchases library file (lib/purchases.ts), and behavior for purchases/restores (paywall → purchase → main app). These are specific payment-related APIs and code paths intended to initiate and manage paid subscriptions (i.e., move money via in-app purchase flows), so it meets the "Direct Financial Execution" criteria.