gumroad

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md instructs the agent to call the Gumroad CLI to fetch and parse Gumroad data (e.g., "gumroad products view", "gumroad sales list", "gumroad admin users comments list"), which ingests user-generated third-party content from Gumroad that the agent is expected to read and can materially influence actions like refunds, product updates, or webhooks.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes a Gumroad CLI with explicit commands that perform monetary actions (not just read-only). Notably it includes "gumroad sales refund --yes" (full or partial refunds), product create/update/publish/delete with pricing, offer-code create/delete (affecting discounts), and admin/purchases operations tied to user/payout state. These are specific, first-class ecommerce/payment operations that can move or alter funds/payouts when run with appropriate credentials, so this grants direct financial execution authority.