integration-patterns-mastery
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill fetches and parses arbitrary external iCal URLs and external APIs as part of its sync workflow (see references/sync-strategies.md: syncAllProperties adds sync-ical jobs with property.ical_url and the worker calls fetchIcal(icalUrl)/parseIcal), and it also ingests webhook payloads from external systems (webhook handlers), so it clearly consumes untrusted third-party content the agent must read/interpret.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is expressly focused on payment gateway integration. It repeatedly and specifically references Stripe and payment flows (e.g., "Integrar Stripe/pagos" ("Integrate Stripe/payments"), a webhook handler for Stripe, and a section saying "Implementé integración completa con Stripe" ("I implemented a complete Stripe integration") listing Customer creation/management, PaymentIntents for one-time payments, Subscriptions, disputes/refunds/chargebacks, currency handling, idempotency). Those items are concrete payment-gateway operations (PaymentIntents, subscriptions, refunds/disputes) and not just generic API examples. Even though some code shown is webhook handling rather than issuing charges, the skill's primary, explicit purpose includes integrating and operating Stripe (a payment gateway), which enables moving money. Therefore it meets the definition of Direct Financial Execution Authority.
Audit Metadata