medusa-cart-checkout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "Fetch live docs" from public Medusa docs (e.g., web-search site:docs.medusajs.com and https://docs.medusajs.com/resources/references/cart) and to read those external pages as part of its implementation workflow, which exposes it to untrusted third‑party web content that could influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a cart-and-checkout implementation and defines payment-specific workflows: createPaymentCollectionForCartWorkflow, initializePaymentSessionWorkflow (provider-specific), and completeCartWorkflow which requires payment authorization. These are not generic "click" or HTTP tools but are checkout/payment primitives intended to initialize payment sessions and complete/authorize transactions. That capability directly enables moving money through payment providers in an e‑commerce flow, so it meets the "Direct Financial Execution" criteria.