whop-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to fetch and process user-generated content from the Whop platform (e.g., rules/engagement-forums.md uses whopsdk.forumPosts.list and rules/engagement-chat.md uses whopsdk.messages.list, plus files-upload handles uploaded files/URLs), so the agent would read untrusted third-party content (forum posts, chat messages, uploads) as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on building Whop apps and includes dedicated payment functionality: "payments", "Create checkout flows" (payments-checkout.md), "Handle payment webhooks" (payments-webhooks.md), "Send payouts to users" (payments-transfers.md), and "Billing portal & saved methods" (payments-billing.md). It also references platform features for collecting payments, enrolling connected accounts, and enabling payouts, and requires the server-side @whop/sdk API client. These are specific, built-in payment/payout APIs and flows (i.e., programmatic money movement), not generic browser or HTTP tooling.