ecom-conversational

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests and processes arbitrary user-generated messages via LINE webhooks and NLU flows (see SKILL.md conversation flows and references/line-oa-setup.md webhook example and references/chatbot-design.md intent handling), and those third‑party inputs are used to drive actions like intent execution, checkout, and handoffs, allowing maliciously crafted messages to influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly centered on conversational commerce and calls out in-chat checkout and specific payment integrations (e.g., "LINE Pay", "in-app payment", and platform commerce features like "payment"). Those are named payment gateway capabilities rather than generic browser or API callers, so the skill explicitly targets integrating payment/checkout functionality. Therefore it contains direct financial execution capability.