woocommerce-rest-api
Fail
Audited by Snyk on Mar 9, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes numerous curl examples and authentication instructions that embed API keys, Basic Auth credentials, query-string secrets, and webhook secrets directly (e.g., -u ck_xxx:cs_xxx, consumer_key=..., "secret": "my-webhook-secret"), which requires the LLM to include secret values verbatim in generated commands and creates an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill is explicitly designed to interact with arbitrary WooCommerce stores via their public REST endpoints (see SKILL.md, "use when interacting with WooCommerce stores via HTTP REST API", and the GET/POST examples across references/orders-customers.md and references/analytics.md, such as /products/reviews, /wc/v3/orders/{id}/notes and /wc-analytics/admin/notes). It therefore fetches untrusted, user-generated content (reviews, order notes, admin notes) and exposes that content to the agent as part of its workflow, including endpoints that can trigger actions, which creates a clear avenue for indirect prompt injection.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The WooCommerce REST API skill explicitly exposes payment-related endpoints and actions that can move or affect funds: it includes /orders endpoints with the ability to create orders and set_paid=true, /orders/{id}/refunds to create refunds, and /payment_gateways and /payment_gateways/{id} to view/update gateway configuration. These are specific payment gateway and refund operations (not generic HTTP tools) and therefore constitute direct financial execution capability.