woocommerce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly fetches and ingests content from arbitrary WooCommerce stores via the WooCommerce REST API (e.g., https://your-store.com/wp-json/wc/v3/ endpoints for products, orders, customers) and accepts webhook payloads (/webhooks/woocommerce), which can include untrusted or user-generated data that the agent reads and processes.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a purpose-built WooCommerce integration (e-commerce) with explicit order/payment operations. It includes creating orders (createOrder) with payment_method set to "stripe" and the set_paid flag, updating order status (including "refunded"), and managing orders/customers via authenticated REST API keys. Although it does not call Stripe/PayPal SDKs directly, it explicitly manipulates payment-related order state through the store (which integrates with payment gateways), so it grants direct financial execution capability.