yumpu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md (notably the "Proxy requests" and "Popular actions"/action run sections) instructs the agent to fetch and interpret content from the public Yumpu API (documents, articles, comments, RSS feeds and other user-generated items) via Membrane, exposing it to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes payment-related objects and operations for the Yumpu platform (e.g., Transaction, Payment Method, Invoice, Refund Payment, Credit Card, Bank Account, Shop Item, Subscription). It also provides Membrane actions and a proxy that can run platform actions or API requests against Yumpu (including actions that appear to perform refunds/transactions). Those are explicit payment operations (sending/refunding transactions), not just generic browser or HTTP tooling, so it grants direct financial execution capability.