wonda-cli

Warn

Audited by Snyk on Apr 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and analyze public, user-generated content (e.g., "wonda scrape social --handle @competitor", "wonda x search", "wonda reddit search", "wonda linkedin search", and "wonda scrape video --url") as part of Step 1 Gather context and downstream skill workflows, so untrusted third-party posts/pages can directly influence generation, decisions, and publishing actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes a specific payment gateway integration: the wonda topup command "Top up credits (opens Stripe checkout)" — an explicit Stripe checkout flow. That is a specific financial execution capability (payment gateway). No generic browser automation or HTTP caller rules apply here because Stripe is named and the CLI explicitly initiates a checkout. (No crypto wallets, banking APIs, market orders, or ad-budget update APIs were found.)

Issues (2)

W011 | MEDIUM | Third-party content exposure detected (indirect prompt injection risk).
W009 | MEDIUM | Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 07:08 AM
Issues: 2