base44-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and synchronizes AI agent configurations from the remote Base44 backend (see references/agents-pull.md / agents-push.md and the agent schema in SKILL.md), which contain user-provided "instructions" and tool_configs that the agent is expected to read and that can materially change tool use and behavior — creating a clear vector for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly supports payment gateway integration: the Connectors section names Stripe as a supported connector type (and notes it is provisioned automatically on the server side). The CLI provides commands to create/push/pull connectors and to deploy resources and functions (and an exec command to run SDK-backed scripts / invoke functions). Those explicit Stripe connector references and connector management commands constitute specific payment-gateway integration rather than a generic tool, so the skill grants direct financial execution capability.