whop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill makes runtime requests to the Whop API (e.g., https://api.whop.com/api/v5/course-lessons and other endpoints returning lesson/content/description and video_url fields) and processes webhook events, which can contain user-generated/untrusted content that the agent would read and act on, enabling indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payments/membership platform integration (Whop) and includes concrete API calls that move or reverse money: e.g., creating checkout configurations, managing plans/prices, cancelling memberships (which affects billing) and—most importantly—an explicit Refund endpoint (POST to /api/v5/payments/{paymentId}/refund with amount for partial refunds). These are specific, non-generic financial operations (payment/refund controls), so it grants direct financial execution capability.