woocommerce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and processes data from WooCommerce stores via the gateway endpoints (e.g., https://gateway.maton.ai/woocommerce/wp-json/wc/v3/orders, /products, /reviews, /orders/{order_id}/notes), which are user-generated or third-party content (product descriptions, reviews, order notes, customer data) that the agent is expected to read and that can materially influence actions like order updates, refunds, or webhook handling.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an explicit WooCommerce REST API integration for e-commerce operations and includes direct payment-related endpoints and actions. It documents creating orders with payment_method (example: "payment_method": "stripe", "set_paid": true), order refunds with "api_refund": true (which processes refunds through the payment gateway), and direct Payment Gateways endpoints (GET/PUT /payment_gateways/{id} and example enabling the Stripe gateway). These are specific payment gateway and refund operations (not generic browser or HTTP tooling), so the skill grants direct financial execution capability.