wow-api-currency-economy

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's documentation and examples show the agent reading and acting on user-generated in-game content (e.g., Auction House results via C_AuctionHouse.GetItemSearchResultInfo/GetNumItemSearchResults and mail bodies via GetInboxText and MAIL_INBOX_UPDATE), which are untrusted third-party sources that can influence bidding, buying, posting, or other actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly exposes APIs that perform transactions and move currency (in-game gold/tokens) rather than only read/display data. Examples include: C_WowTokenPublic.BuyToken() / SellToken(), C_AuctionHouse.PlaceBid(), C_AuctionHouse.StartCommoditiesPurchase() / ConfirmCommoditiesPurchase(), C_AuctionHouse.PostItem() / PostCommodity(), C_BlackMarket.ItemPlaceBid(), Trade functions (AddTradeMoney, SetTradeMoney), mail purchase/transfer functions (SetSendMailMoney, SetSendMailCOD, SendMail, TakeInboxMoney), and C_PerksProgram.RequestPurchase() / RequestRefund(). These are explicit "send transaction"/"purchase" operations that transfer or commit currency (even though it’s an in-game economy). Therefore the skill grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 02:55 PM