hotmart

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows using Membrane to fetch Hotmart data (e.g., "membrane request CONNECTION_ID /path/to/endpoint" and "membrane action run" / "action list" commands), which pulls third-party Hotmart content — including user-generated items like forums/comments — that the agent is expected to read and that could influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The Hotmart skill is a platform-specific integration that explicitly exposes payment-related entities and operations (Payment, Transaction, Refund, Withdrawal, Balance, Invoice, Subscription, Order, etc.). It provides Membrane actions and a proxy to call Hotmart API endpoints (including POST/PUT/DELETE) with authentication handled, so an agent can run actions or direct API requests that create/refund/withdraw funds or otherwise modify financial state. This is a specific financial integration (not a generic browser or HTTP tool) and therefore constitutes direct financial execution capability.