donately

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Running actions" and "Proxy requests" sections instruct the agent to fetch data from Donately (e.g., list-people, get-campaign, list-donations or arbitrary /path/to/endpoint via Membrane), which are third-party endpoints returning potentially user-generated/untrusted content (campaign descriptions, donor messages, etc.) that the agent will read and act on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated integration with Donately, a fundraising/payment platform (donations, subscriptions, fundraisers). It exposes Donately-specific resources (Donation, Subscription) and uses Membrane to run provider actions or proxy arbitrary Donately API endpoints (including POST/PUT). That combination is a purpose-built financial integration (payment/donation operations) rather than a generic API or browser tool, and therefore can be used to create or manage money-moving actions (donations/subscriptions). This meets the "specific tool for payment gateways/financial operations" criterion.