lemonsqueezy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes explicit API key/token examples and instructs use of a --api-key/--key command-line flag and auth commands that would require embedding secrets verbatim in generated commands or output, creating an exfiltration risk despite recommending env vars.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill issues runtime requests to the Lemon Squeezy API (e.g., commands like "lmsq orders list", "lmsq customers get", "lmsq products get" and the public licenses API) and ingests store/customer/product/license fields that can contain untrusted/user-generated content which the agent is expected to read/interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated CLI for the Lemon Squeezy e-commerce/payment platform and exposes explicit financial operations: creating checkouts (initiating purchases), generating invoices, refunding orders and subscription invoices, managing subscriptions (cancel/pause/resume), and related billing resources. These are specific, non-generic payment-related actions able to move or reverse money via the Lemon Squeezy API, so it grants direct financial execution capability.