buy-now-pay-later

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md and task files explicitly load and render third-party BNPL SDKs/widgets (e.g., and ) and instruct server calls to Afterpay's public API (https://global-api.afterpay.com), so the agent/runtime will fetch and process external vendor scripts and API responses that directly influence checkout control flow (redirects, capture) and could therefore carry injected instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly describes and instructs integration with payment providers (Klarna, Afterpay, Affirm) and payment gateways (Stripe). It includes concrete setup steps that require merchant API credentials (Merchant ID, Secret Key, Public/Private API Keys) and a code example that creates a Stripe PaymentIntent with payment_method_types including 'klarna' and 'afterpay_clearpay' — i.e., explicit API-level instructions to enable and process payment methods. These are specific financial execution capabilities (payment gateway integration and transaction setup), not generic tooling, so it grants direct financial execution authority.