porkbun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches Porkbun's live OpenAPI spec from https://porkbun.com/api/json/v3/spec during its freshness check (see "Step 2 — fetch and hash" in SKILL.md) and the agent queries that spec.json with jq and relies on its endpoint definitions to choose API calls and confirmations, so externally-hosted spec content can materially influence tool use and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The Porkbun skill exposes explicit account actions that can spend money: it includes a domain/create endpoint (register a new domain) with required cost parameters, error handling for INSUFFICIENT_FUNDS, and workflows that check price then perform a purchase. Those are direct financial-execution API calls (initiating paid registrations), not generic tooling, so it grants direct financial execution authority.