Xano Backend Builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's XanoScript examples and MCP tooling explicitly perform external HTTP requests and handle incoming webhooks (e.g., the fetch_external_data http.request pattern and the /webhooks/stripe handler), which ingest and process data from arbitrary third-party APIs and webhook payloads, so the agent will read/interpret untrusted external content at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires and uses an MCP server URL at runtime (e.g., https://your-workspace.xano.io/mcp / https://x8ki-letl-twmt.n7.xano.io/mcp) which the agent calls to execute XanoScript and perform remote operations, so this external endpoint is a required runtime dependency that can execute remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes integration with a payment gateway (Stripe). Example 4 shows a Stripe webhook endpoint that parses payment events (e.g., payment_intent.succeeded) and updates order/payment status. The skill also documents creating webhook handlers, OAuth/token storage and making external HTTP requests — all explicit patterns for integrating with payment provider APIs. Because it names and demonstrates handling Stripe payment events (a specific payment gateway), it meets the "Payment Gateways" criterion for Direct Financial Execution.