raisely

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md's "Working with Raisely" and "Running actions" instructions show the agent uses the Membrane CLI to list and run actions against Raisely (e.g., membrane action list / membrane action run), which fetches user-generated/public Raisely content that the agent reads and whose outputs can influence subsequent tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill integrates with Raisely, a fundraising/donations platform, and explicitly exposes financial entities such as "Donation" and "Transaction" (and "Donation Form"). It uses the Membrane CLI to discover, create, and run actions against Raisely connections — including building custom actions and running them with JSON input. That combination enables programmatic creation or modification of donations/transactions (i.e., executing financial operations) under the agent's control, so it constitutes direct financial execution capability.