marketplacer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md requires using the Membrane CLI to connect to Marketplacer and run actions (e.g., "membrane action list" and "membrane action run") that ingest marketplace data like listings, conversations, and messages from the third‑party Marketplacer API—user-generated content the agent is expected to read and act on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The Marketplacer skill explicitly exposes financial objects and actions (Payment, Transaction, Invoice, Credit, Order, Refund/Return/Dispute-related items) and is intended to manage marketplace data. It uses Membrane to discover and run pre-built or custom actions against the Marketplacer API, which can include creating or modifying payments/transactions and invoices. This is not generic browser automation or a generic HTTP tool — the skill's primary domain includes handling payments/transactions, i.e., moving or managing money on a marketplace. Therefore it constitutes direct financial execution capability.