stripe-health

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs fetching and inspecting arbitrary webhook endpoints and Stripe event data (e.g., via curl "$WEBHOOK_URL", stripe events list, and checking Vercel logs), which causes the agent to ingest and interpret untrusted third-party content from public/user-provided URLs and event payloads.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is specifically built for Stripe (a payment gateway) and includes concrete Stripe CLI/API commands that use an API key (e.g., webhook_endpoints list, events list, events resend). Although focused on webhook diagnostics rather than creating charges, it is a targeted integration with a payment gateway and directly interacts with Stripe resources using credentials — therefore it qualifies as a specific payment-gateway capability rather than a generic tool.