bluecart-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Popular actions" section explicitly includes actions like "Get Product Reviews — Get customer reviews for a product on Walmart" and other Membrane actions that fetch public, user-generated content (Walmart product reviews and browse results) which the agent is expected to run and interpret as part of its workflow, creating a clear vector for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes explicit payment-related resources (Payment, Payment Method, Invoice, Bill, Credit, Expense, Budget) in its API surface and allows creating/running Membrane actions against the BlueCart API. Through Membrane action creation/run you can build and execute operations that modify those payment/invoice/billing objects (e.g., create invoices, record/payments, update payment methods). Although it does not name Stripe/PayPal/banks/crypto explicitly, the presence of dedicated payment/invoice/billing endpoints means the skill is specifically capable of performing financial transactions/operations via the API rather than being a purely generic tool. Per the decision logic (tool explicitly able to send/manage payments/transactions), this qualifies as direct financial execution authority.