stripe-money-management
Warn
Audited by Snyk on Feb 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly retrieves and acts on untrusted, user-provided content from Stripe dispute evidence and uploaded files (see references/disputes.md and SKILL.md examples that read dispute.evidence, access_activity_log, receipt/file IDs and then decide refunds or submit evidence), so third-party content can directly influence agent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to operate against a payment gateway (Stripe). It includes concrete API operations that move or manage funds: creating payouts (stripe.payouts.create), issuing refunds (stripe.refunds.create), creating payment intents (stripe.paymentIntents.create), and balance/reconciliation operations. It also covers chargeback/dispute submissions and instant/manual payout configuration — all are direct financial execution capabilities rather than generic tooling.