webhook-receiver-hardener

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly ingests and processes untrusted webhook payloads sent by third-party providers (e.g., the /webhooks/provider route and the Stripe example that uses req.body and processWebhook(req.body)), so the agent reads and interprets arbitrary external content that could contain injected instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes a Stripe webhook handling example (stripe.webhooks.constructEvent and processStripeEvent) and is specifically focused on securing/processing third‑party payment webhooks. Because Stripe is a payment gateway (a listed specific financial integration), this qualifies as a direct financial execution capability under the rule.