yumpu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md instructs connecting to Yumpu via Membrane (e.g., "membrane connect --connectorKey yumpu" and using "membrane action list/run ... --connectionId=CONNECTION_ID") which will fetch and return Yumpu content (public/user-generated publications, comments, RSS feeds), so the agent will ingest and act on untrusted third-party content from Yumpu.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes payment-related objects and actions (Transaction, Payment Method, Invoice, Credit Card, Bank Account, Refund Payment, Cancel Subscription, Voucher). It uses Membrane to run actions against Yumpu, and those actions can include initiating refunds/transactions and managing payment methods—i.e., explicit financial operations rather than generic tooling. Therefore it provides direct financial execution capability.