Skills
skills/finsilabs/awesome-ecommerce-skills/secure-checkout/Snyk

secure-checkout

Warn

Audited by Snyk on Mar 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's task (evals/payment-tokenization-and-input-validatio/task.md and inputs/product.json) requires fetching and rendering product descriptions from a headless CMS that does not sanitize user-generated HTML (including a tag), so the agent will ingest untrusted third-party content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly references and shows integration code for payment gateways (Stripe, Stripe Checkout, PayPal) — including client-side Stripe usage (loadStripe, elements, confirmPayment) and paymentIntent handling. Those are specific payment gateway APIs/flows (i.e., moving/confirming payments and handling payment tokens), so this grants direct financial execution capability rather than being a generic tool.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 11:23 AM
Issues
2