next-bulk-subscription

Fail

Audited by Snyk on May 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the user to provide an API key and shows/uses that key inline in curl examples and in generated scripts (Authorization: Bearer {api_key}), which requires the LLM to accept and embed secret values verbatim in its outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses data from arbitrary merchant admin APIs (e.g., curl/GET calls to https://{subdomain}.29next.store/api/admin/subscriptions/ and per-subscription GETs described in SKILL.md) and uses those live responses (timestamps, status, timezone, full subscription objects) to compute actions and decide which updates to send, so untrusted third-party content can directly influence tool behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly designed to perform subscription billing actions via an Admin API and requires an API key with subscriptions:write scope. It includes concrete, specific endpoints and actions that directly affect billing and payment behavior: POST /subscriptions/{id}/pause/, POST /subscriptions/{id}/cancel/, POST /subscriptions/{id}/renew/, POST /subscriptions/{id}/retry/, and PATCH /subscriptions/{id}/ (partial updates, including payment_details.gateway). It can trigger renewals/retries (likely causing charges), pause or cancel billing, and update payment gateway details. These are purpose-built financial-operation APIs (not generic HTTP or browser automation), so the skill grants Direct Financial Execution Authority.

Issues (3)

W007 (HIGH): Insecure credential handling detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: May 13, 2026, 11:43 PM
Issues: 3