cardtrader-api

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the public CardTrader API (base URL https://api.cardtrader.com/api/v2) — e.g., GET /marketplace/products, GET /wishlists, GET /products/export — and the SKILL.md workflows require the agent to read and act on those responses (marketplace product descriptions, seller info, wishlist items), which are user-generated/untrusted and can materially influence actions like selecting and purchasing items.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a dedicated integration for a trading-card marketplace and explicitly exposes purchase and order-management endpoints (e.g., POST /cart/add, POST /cart/purchase, GET/PUT /orders, order lifecycle states). It can create purchases, manage orders (mark shipped, set tracking, confirm cancellations) and manage listings/prices — i.e., it directly initiates and controls commerce transactions using bearer-token auth. This is specific financial execution capability (not a generic HTTP or browser tool).
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 09:08 AM