n8n-workflow-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill enables the AI agent to fetch and consume untrusted third-party content — e.g., via the HTTP Request tool/toolHttpRequest (arbitrary external URLs), the Wikipedia tool, RAG/document loaders and vector-store retrievers, and by ingesting user-generated WhatsApp/webhook payloads — which the agent is expected to read/interpret as part of workflows.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references payment gateway functionality: it mentions "NIS payments" and "Supports Israeli market (… NIS payments)", includes a "payment-webhook.json" template, and—most importantly—calls out a "Purchase model with Stripe integration" in the Rails Integration section. These are specific references to a payment gateway and payment-processing workflows (webhook handling and Stripe integration), which meet the criteria for direct financial execution capability.