vtex-io-service-apps

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly defines an ExternalClient pointing at an external reviews API (node/clients/reviewStorageClient.ts, "https://reviews-api.example.com"), and the getReviews middleware (node/middlewares/getReviews.ts) calls ctx.clients.reviewStorage.getByProduct to fetch and return user-generated reviews: untrusted third-party content that the service reads and acts on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly describes and exemplifies clients and methods for payment operations: it includes a PaymentGatewayClient with a charge(...) method and examples referencing ctx.clients.payments.issueRefund(...) and payment gateway endpoints. These are specific payment APIs (charging and refunding), not generic HTTP tooling, so the skill grants direct financial execution capability.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 09:35 PM
Issues: 2