bc-headless

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). SKILL.md's "Before writing code" explicitly instructs the agent to fetch live docs from https://www.catalyst.dev/ and to web-search public sites (developer.bigcommerce.com, github.com) — untrusted, public third-party content the agent is expected to read and use to guide implementation, which could inject actionable instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about building a headless e-commerce integration with BigCommerce and includes concrete, payment-specific APIs and flows: creating carts and obtaining redirect_urls.checkout_url, embedding checkout via @bigcommerce/checkout-sdk embedCheckout(), and using the Checkout API / Payments API for payment processing (with explicit PCI implications and tokenized payment methods). These are specific tools/APIs whose primary purpose is to execute financial transactions (process payments/orders), not generic automation. Therefore it provides direct financial execution capability.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 31, 2026, 06:10 AM
Issues: 2