stripe-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to fetch a public recipe from fullstackrecipes.com (https://fullstackrecipes.com/api/recipes/stripe-sync), which is an open third-party website the agent would read and therefore could contain untrusted, user-provided content capable of indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about Stripe (a payment gateway) and implements a subscription/billing system: webhook handling to sync subscription state, usage tracking, and billing portal integration. These are specific financial/payment APIs and thus constitute direct financial execution capability.