convex-functions
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md "HTTP Actions" section (webhook route at /webhooks/stripe) explicitly ingests and JSON-parses incoming webhook POST bodies and passes event.type/event.data into ctx.runMutation (and the Actions examples call external APIs/processPayment), so untrusted third-party HTTP payloads are read and used to drive behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill includes explicit payment-related functionality. It defines a Stripe webhook endpoint ("/webhooks/stripe") with signature verification and processing of Stripe events, and several actions reference calling an external payment API (e.g., processPayment(order), "Call external payment API", purchaseCredits that "Process payment externally" then updates credits). These are specific integrations for payment processing (a payment gateway) rather than generic HTTP/browser tooling, so it constitutes direct financial execution capability.