acp-orders-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "Fetch live docs" from public third-party sites (e.g., GitHub orders RFC, https://developers.openai.com/commerce/guides/key-concepts/, and docs.stripe.com), meaning the agent will ingest untrusted web content that can materially influence implementation and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for commerce/order lifecycle management and webhook delivery, and it includes post-purchase adjustments that move money (refund, partial_refund, store_credit, chargeback, dispute) and references payment capture and Stripe webhook guidance. Those elements indicate this skill is specifically designed to integrate with payment workflows / gateways and perform financial adjustments, not just a generic API caller or browser automation. Therefore it grants direct financial execution capability.