make-com-israeli-automations
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs AI Agents to ingest and classify untrusted third-party content—e.g., Gmail "Watch Emails" attachments and webhook payloads—which the agent then uses to decide and execute actions like creating Morning documents (see Step 8 and Example 4), so external/user-provided content can materially influence tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly tells agents to connect at runtime to the Make.com MCP endpoints (https://mcp.make.com and zone-specific token URLs like https://<MAKE_ZONE>/mcp/u/<MCP_TOKEN>), which agents use to invoke Make.com scenarios as tools that execute external actions, so this is a runtime external dependency that can execute remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes integrations with Israeli payment gateways (Cardcom, Tranzila, Grow, Bit, PayMe, PayBox), describes webhook configuration and fields, recurring-charge tokens, and guidance for validating and processing payment notifications. It also documents creating billing documents (invoices) and exposing Make.com scenarios as MCP tools so an agent can invoke on-demand scenario runs. These are specific, finance-focused connectors and flows (payment gateway APIs/webhooks and invoice creation), which constitute direct financial execution capabilities.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata