sertifi
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to use the Membrane CLI to run actions against the external Sertifi service (see "Use action names and parameters" and the "Document" / "E-Signature" resources and the membrane action run examples in SKILL.md), which can return user-uploaded / user-generated documents and data that the agent is expected to read and act on, so untrusted third-party content could influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires installing and running the Membrane CLI (npm install -g @membranehq/cli — https://www.npmjs.com/package/@membranehq/cli), which fetches and executes remote code and uses Membrane's remote "action" build/run functionality at runtime to produce and execute actions that can control agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exposes Sertifi-specific payment functionality (e.g., Payment, Payment Link, Payment Signer, Payment Workflow) and instructs use of Membrane actions to create/run connector actions (including creating connections, listing/searching actions, and running actions). This is a purpose-built integration for managing payments/authorization (not a generic browser or HTTP tool), so it grants explicit ability to perform payment-related transactions and thus direct financial execution.