snipcart

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). SKILL.md explicitly allows the agent to proxy arbitrary requests to the Snipcart API via "membrane request CONNECTION_ID /path/to/endpoint" (see the "Proxy requests" section), so the agent will ingest third-party Snipcart data (products, orders, customer fields) that can contain user-generated/untrusted content capable of influencing actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated integration for Snipcart, an e-commerce/shopping-cart platform that implements checkout, orders, subscriptions, customers, discounts, and related payment workflows. The skill exposes explicit actions and a proxy to the Snipcart API (including POST/PUT/PATCH/DELETE) via Membrane, and Membrane manages auth so the agent can call authenticated endpoints. These capabilities are specifically designed for commerce/payment operations (creating/updating orders, subscriptions, refunds/captures via the Snipcart API), not a generic browser or HTTP tool. Therefore it provides direct financial execution authority.