Amazon

Warn

Audited by Snyk on Mar 8, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and analyzes public Amazon product pages and user-generated content — e.g., SKILL.md Buyer Mode ("Aggregate reviews — summarize pros/cons"), buying.md ("Deep-dive top 3 — Full review analysis, Q&A section") and pricing.md (mentions CamelCamelCamel/Keepa and "price tracking via public pages") — so untrusted third-party content can materially influence recommendations and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes purchase and refund actions on Amazon (e.g., "Add to cart, apply coupons/Subscribe & Save", "Reorder recurring items", "Gift purchases with delivery coordination", "Returns/refunds initiation"). Those are explicit e-commerce transaction operations that can move money (send payments or initiate refunds) rather than just generic browsing or data access. Although it references safety controls (requiring human confirmation), the primary and explicit capabilities include executing purchases and refund flows on a payment-enabled platform. Therefore it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 05:11 PM