activepieces

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly ingests untrusted external content — for example webhook triggers that read arbitrary payloads (e.g., run(context) returning payload.body.data in resourceCreatedTrigger and multiple "webhook" flows like Payment Webhook) and HTTP pieces that fetch from user-configured external URLs (e.g., piece-http steps like fetch_sales_data and fetch_with_retry) — which the agent is expected to read and interpret as part of workflow execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes explicit, specific payment integrations and actions. Notably, the "Batch Order Processing" example uses the @activepieces/piece-stripe piece with actionName "create_charge" (amount, currency, customer) which directly creates charges via Stripe. The docs also include payment-related webhook handling (payment.completed, refund.initiated) and reimbursement endpoints in approval flows. These are concrete payment gateway and payment-execution capabilities, not generic API callers.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:41 AM