amazon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to open and interact with public Amazon pages (e.g., https://www.amazon.com/gp/your-account/order-history and product pages), reading page content to identify items, verify prices/addresses, and click buttons to place orders or process returns, so untrusted third‑party content could materially influence tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform purchases and refunds on Amazon via browser automation. It includes step-by-step flows to "Place order" and "Buy it again" (including "Place order without confirmation" for reorders), instructions to verify and use a specified payment method (AMAZON_PAYMENT_METHOD), and a returns flow that selects "Refund to original payment method." These are concrete actions that initiate financial transactions and refunds, so this grants direct financial execution capability.