mcp-stripe
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill calls the Stripe MCP server (e.g., list_customers, list_invoices, search_stripe_resources / fetch_stripe_resources) and displays/interprets customer names, metadata, invoice descriptions and other user-provided fields from that third-party service, which are untrusted and could contain injected instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Stripe MCP transaction operations tool (payment gateway integration). It exposes payment-related APIs such as create_invoice, create_payment_link, create_refund, cancel_subscription, update_subscription, retrieve_balance, create_price/product, list_payment_intents and other Stripe-specific operations, and includes connection/authentication to an MCP Stripe server. These are specific financial execution functions (refunds, invoicing, payment links, subscription management, balance queries). Even though some destructive actions require confirmation, the skill is explicitly designed to initiate and manage real monetary transactions; it therefore grants Direct Financial Execution Authority.
Audit Metadata