bc-app-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly requires fetching live third-party content (e.g., "Fetch https://developer.bigcommerce.com/docs/integrations/apps" and performing web-searches like "bigcommerce single-click app tutorial"), which the agent is expected to read and use to drive implementation decisions, so untrusted web pages or tutorials could inject actionable instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for building BigCommerce apps and documents OAuth flows, permanent store access tokens, and specific BigCommerce API scopes including "store_payments" (payment processing) and "store_checkout" (checkout operations). Those are specific platform APIs/permissions used to process payments and interact with checkout/orders, not generic tooling. Because it enables direct integration with a merchant's payment and checkout systems (via defined API scopes and tokens), it grants direct financial execution capability.