wordpress

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly ingests and passes user-generated post content into the AI connector (e.g., the "WordPress 7.0 AI Connector Usage" code that uses strip_tags($post->post_content) with wp_ai_client_prompt to generate excerpts), meaning untrusted site/post content is read and can influence AI-driven actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes WooCommerce payment integration and references a specific payment provider: it lists "payment-integration", "stripe-integration", and "billing-automation" as invoked skills and includes prompts like "Use @payment-integration to set up WooCommerce with Stripe" and actions to "Integrate payment gateways" and "Implement subscription products". These are explicitly targeted at payment gateway integration (Stripe) rather than generic browser or API tooling, so it represents direct financial execution capability.