talentlms

Warn

Audited by Snyk on Apr 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly allows the agent to fetch arbitrary content from a third-party TalentLMS instance via the Membrane proxy ("Proxy requests" section), and TalentLMS can contain untrusted user-generated content (e.g., blog posts, comments, social activity, files) that the agent is expected to read and could materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The TalentLMS skill explicitly surfaces payment-related entities and actions (Payment, Invoice, Payment Gateway, E-commerce Transaction, Subscription Plan, Discount Code). It also documents using the Membrane CLI to run actions and proxy arbitrary API requests (including POST/PUT/PATCH/DELETE) against the TalentLMS API, with authentication handled for you. That combination indicates the skill can be used to perform and manage payments/invoices and configure payment gateway/e-commerce functionality — i.e., it provides direct financial execution capability rather than being purely generic automation.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  Risk Level: MEDIUM
  Analyzed: Apr 22, 2026, 12:40 PM
  Issues: 2