chargebee-integration

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs fetching public third-party documentation (e.g., "download the README.md file from the GitHub repository" and follow links to apidocs.chargebee.com / "fetch the required topic specific markdown file"), so the agent would ingest and act on open/public web content that can influence integration actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill instructs running remote code at runtime via "npx chargebee-init@latest --use-defaults --path=<...>" which will fetch and execute a package from the npm registry (remote code execution / supply-chain risk), and the integration guidance relies on this CLI for framework setup.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Chargebee billing integration. It documents SDKs, REST endpoints, API key usage, and operations for "Payment and invoice processing", "Payment method handling", subscription lifecycle, and invoice operations — all specific billing/payment actions. These are direct financial execution capabilities (charging customers, managing payments) rather than generic tooling.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 01:18 AM