tapfiliate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call Tapfiliate via Membrane (see "Running actions" and "Proxy requests"), which causes the agent to fetch and interpret Tapfiliate API responses (user-generated/untrusted affiliate/referral data) that can influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill explicitly targets affiliate financial workflows (it lists "Payouts", "Invoices", "Transactions", "Recurring Commissions" and states "automating commission payouts"). Through Membrane it supports running actions and proxied HTTP requests (POST/PUT/DELETE) against Tapfiliate endpoints, which can be used to create invoices and trigger payouts/transaction operations. Those are specific financial-execution capabilities (sending/creating payouts/transactions), not merely generic browsing or querying, so it meets the "Direct Financial Execution" criterion.