webmcp-commerce-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching live docs (https://developer.chrome.com/blog/webmcp) and performing web searches/site:github.com for community implementations, and the workflow describes agents navigating retailer sites and reading product listings/reviews, which are untrusted third‑party pages that the agent is expected to interpret and act on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly commerce-focused and defines transactional tools that complete purchases (e.g., checkout(paymentMethod, shippingOption), checkout flows using saved cards like useSavedPayment=true). It even references integration with a payment gateway ("Stripe Checkout — checkout tool creates a Stripe session server-side") and includes subscription management and order-placing functions. These are specific, purpose-built financial/payment operations rather than generic tooling.