highlevel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and surfaces user-generated/untrusted content from the GoHighLevel API (e.g., /conversations/, /conversations/.../transcription, /forms/submissions, /social-media-posting/ and related endpoints) and the agent reads/returns that content as part of its workflow, creating a clear avenue for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes specific, pre-defined API endpoints for invoices and payments (e.g., /invoices/ with CRUD, send, void, "record payment", Text2Pay, schedules, estimates; /payments/ with orders, transactions, subscriptions, coupons, providers; marketplace billing/charges). Those are explicit financial operations (creating/recording payments, managing orders/subscriptions and billing), not generic tooling. Therefore it grants direct financial execution capability.