billing-security

Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's audit script (scripts/audit-stripe-config.py) calls the Stripe CLI to list webhook endpoints and then runs curl -I / POST requests against those endpoint URLs; scripts/verify-webhook-url.sh likewise fetches arbitrary HTTPS webhook URLs. Both scripts ingest responses from untrusted, publicly reachable third-party endpoints and use those responses (HTTP status codes, redirects, headers) to drive audit results and follow-up actions, so a malicious or compromised endpoint can influence the skill's output.
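The finding above is about scripts that fetch arbitrary webhook URLs and let whatever comes back steer the audit. The block below is an added example of the hardened shape of such a probe; it is not code from the Snyk report or from the audited skill. It (1) refuses non-HTTPS and non-public targets before connecting, (2) never follows redirects, and (3) collapses the response into a closed vocabulary of verdict strings instead of echoing server-controlled text (headers, redirect targets, bodies) into the result that an agent will later read. All function names, the verdict vocabulary and the injectable `fetch`/`resolve` hooks are this example's own assumptions.

```python
"""Added example, not part of the Snyk report or the audited skill: probe a webhook
URL without letting third-party response content into the audit narrative."""
import http.client
import ipaddress
import socket
from typing import Callable, Dict, Tuple
from urllib.parse import urlsplit

# Closed vocabulary: the only strings an endpoint can cause the audit to emit.
VERDICTS = ("ok", "client_error", "server_error", "redirects_onsite",
            "redirects_offsite", "unreachable", "rejected_url")


def is_public_https(url: str, resolve: Callable[[str], str] = socket.gethostbyname) -> bool:
    """SSRF guard: only HTTPS, no embedded credentials, and the host must resolve
    to a globally routable address (rejects loopback, RFC1918, link-local, etc.)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.username or parts.password:
        return False
    try:
        addr = ipaddress.ip_address(resolve(parts.hostname))
    except (socket.gaierror, ValueError):
        return False
    return addr.is_global and not addr.is_multicast


def default_fetch(url: str, timeout: float = 5.0) -> Tuple[int, Dict[str, str]]:
    """HEAD request over http.client, which does NOT follow redirects (urllib would)."""
    parts = urlsplit(url)
    conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443, timeout=timeout)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return resp.status, headers
    finally:
        conn.close()


def classify(url: str, status: int, headers: Dict[str, str]) -> str:
    """Reduce a response to one verdict. The Location value is inspected but never
    returned, so an attacker-controlled redirect target cannot reach the report."""
    if 300 <= status < 400:
        target_host = urlsplit(headers.get("location", "")).hostname
        if target_host is None or target_host == urlsplit(url).hostname:
            return "redirects_onsite"
        return "redirects_offsite"
    if status >= 500:
        return "server_error"
    if status >= 400:
        return "client_error"
    return "ok"


def probe_webhook(url: str,
                  fetch: Callable[[str], Tuple[int, Dict[str, str]]] = default_fetch,
                  resolve: Callable[[str], str] = socket.gethostbyname) -> dict:
    """Audit one endpoint URL (the URL itself comes from the operator's own Stripe
    configuration, not from the third party). Only verdict + numeric status are kept."""
    if not is_public_https(url, resolve):
        return {"url": url, "verdict": "rejected_url"}
    try:
        status, headers = fetch(url)
    except (OSError, http.client.HTTPException):
        return {"url": url, "verdict": "unreachable"}
    return {"url": url, "verdict": classify(url, status, headers), "status": status}


if __name__ == "__main__":
    # Constructed sample: a fake resolver and fake responses so this runs offline.
    public = lambda host: "93.184.216.34"
    print(probe_webhook("https://hooks.example.com/stripe", fetch=lambda u: (200, {}), resolve=public))
    print(probe_webhook("https://hooks.example.com/stripe",
                        fetch=lambda u: (302, {"location": "https://evil.example.net/x"}), resolve=public))
    print(probe_webhook("https://internal/stripe", fetch=lambda u: (200, {}), resolve=lambda h: "10.0.0.5"))
```

The contrast with the pattern the finding describes is in what leaves the function: a script that does `curl -I` and pastes the raw headers into its output hands every header value to whatever reads the audit, whereas here a server can only move the result between seven fixed strings. The `fetch` and `resolve` hooks exist so the logic can be exercised against constructed responses without network access.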

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about payment gateway integrations (Stripe). It includes Stripe-specific validation (an API key regex), webhook configuration and verification, deployment-parity commands for environment variables, and scripts such as audit-stripe-config.py and verify-webhook-url.sh that are explicitly tied to billing/payment integrations. Although it focuses on configuration and debugging rather than issuing payments directly, it is specifically designed for a payment gateway integration, which falls under the "Payment Gateways (Stripe...)" rule for Direct Financial Execution authority.
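The finding notes that the skill validates Stripe API keys by shape. Shape alone says nothing about how much money-movement authority a key carries, which is the thing this rule is about. The block below is an added example, not code from the Snyk report or the audited skill, of gating an audit script on key privilege: it classifies a key by Stripe's documented prefixes (`sk_` secret, `rk_` restricted, `pk_` publishable, `whsec_` webhook signing secret, with a `live`/`test` mode segment) and refuses to run configuration audits under a live secret key, which can create charges, refunds and payouts, when a read-scoped restricted key would do. The authority table, the gate policy and the function names are this example's assumptions, not Stripe's API.

```python
"""Added example, not part of the Snyk report or the audited skill: classify a Stripe
credential by privilege and refuse to run an audit under a live secret key."""
import re

# Stripe's documented prefixes. Exact character set after the prefix is assumed
# alphanumeric here; do not loosen this regex to match arbitrary text.
_API_KEY_RE = re.compile(r"^(?P<kind>sk|rk|pk)_(?P<mode>live|test)_[A-Za-z0-9]+$")
_WHSEC_RE = re.compile(r"^whsec_[A-Za-z0-9]+$")

# Assumed authority classification for this example.
_AUTHORITY = {
    "sk": "full",     # every API endpoint, including charges, refunds and payouts
    "rk": "scoped",   # only the permissions granted when the key was created
    "pk": "none",     # client-side use; cannot read account configuration
    "whsec": "none",  # verifies webhook signatures; not an API credential at all
}


def classify_key(key: str):
    """Return {'kind', 'mode', 'authority'} or None if the value is not a Stripe credential."""
    m = _API_KEY_RE.match(key)
    if m:
        kind, mode = m.group("kind"), m.group("mode")
    elif _WHSEC_RE.match(key):
        kind, mode = "whsec", None
    else:
        return None
    return {"kind": kind, "mode": mode, "authority": _AUTHORITY[kind]}


def gate_audit_key(key: str):
    """Assumed least-privilege policy: a config/debug audit may run with a restricted
    key (any mode) or a test-mode secret key, never with a live secret key."""
    info = classify_key(key)
    if info is None:
        return False, "unrecognised key format"
    if info["kind"] in ("pk", "whsec"):
        return False, f"{info['kind']} credentials cannot list account configuration"
    if info["kind"] == "sk" and info["mode"] == "live":
        return False, "live secret key carries full money-movement authority; use a read-only restricted key"
    return True, f"{info['kind']}_{info['mode']} key accepted ({info['authority']} authority)"


def redact(key: str) -> str:
    """Safe form for logs and agent transcripts: prefix and mode only, never the secret."""
    info = classify_key(key)
    if info is None:
        return "<unrecognised>"
    if info["mode"] is None:
        return f"{info['kind']}_<redacted>"
    return f"{info['kind']}_{info['mode']}_<redacted>"


if __name__ == "__main__":
    # Constructed sample keys (random-looking placeholders, not real credentials).
    for k in ("sk_live_4eC39HqLyjWDarjtT1zdp7dc", "rk_live_51Habc123", "sk_test_51Habc123",
              "pk_test_51Habc123", "whsec_abc123", "not_a_key"):
        print(redact(k), gate_audit_key(k))
```

Run the gate once at script start-up, before any Stripe CLI or API call, and log only `redact(key)`; the point is that an agent-driven audit never holds a credential that can move money in production.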
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 08:50 PM