wildapricot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs using Membrane proxy requests (e.g., "membrane request CONNECTION_ID /path/to/endpoint") and mentions resources like "Forums" and "Pages", which cause the agent to fetch and interpret potentially user-generated/untrusted WildApricot website/forum/page content at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a specific integration with WildApricot — a membership management system that explicitly lists "Invoices" and "online payments" among its features. The skill documents how to run pre-built actions via the Membrane connector and how to proxy arbitrary API requests to WildApricot endpoints (including POST/PUT/DELETE). Those capabilities make it possible to create/modify invoices and invoke payment-related endpoints directly (i.e., execute financial transactions rather than just view data). Although it is not a Stripe/PayPal connector by name, it is an app-specific integration that explicitly exposes payment/invoice functionality and thus grants direct financial execution authority.