frappe-ops-cloud

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly requires adding GitHub repository URLs to "Add App" and deploy (see "Adding a Custom App" in SKILL.md and examples in references/examples.md), meaning the platform/agent will fetch and build code from public GitHub repos (untrusted, user-generated content) which can materially influence deployments and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly describes billing and payment-related features: "Billing: Daily/monthly subscriptions, wallet credits, multiple payment methods", "Billing system — Subscriptions, invoicing, wallet credits, ERP integration", and "Manage payouts for commercial apps" in the app marketplace. These are specific, built-in financial operations (invoicing, wallet credits, and payouts — i.e., sending money) rather than generic tooling. Therefore it provides direct financial execution capabilities.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 31, 2026, 11:52 AM
Issues: 2