brikl
Warn
Audited by Snyk on Apr 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly instructs using Membrane to proxy requests to the Brikl API (see "Proxy requests" and the "membrane request CONNECTION_ID /path/to/endpoint" example), causing the agent to fetch and interpret third-party Brikl data (potentially user-generated) as part of its runtime actions, which could carry indirect prompt-injection risks.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly surfaces e-commerce and payment-related primitives (e.g., "Payment Intent", "Invoice", "Order", "Subscription", "Cart") and documents how to run actions or proxy POST/PUT/PATCH requests against the Brikl API via the Membrane CLI. Those capabilities are specific to processing orders/payments and can be used to create or manage payment intents and invoices (i.e., move money/charge customers). This is not a generic browser or HTTP tool — it is a connector for a commerce platform with first-class payment objects and actionable API calls.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).