stripe-scaffold
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's Process step 2 explicitly instructs the agent to "Use Gemini to find current Stripe SDK usage patterns" and "look at how similar apps implement this," which requires fetching and reading public web content and repositories (untrusted third-party sources) as part of the workflow.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to integrate with Stripe (a payment gateway). It includes Stripe client initialization, checkout session creation endpoints, webhook handlers (with signature verification and idempotency), billing/subscription state management, and portal/session creation — all of which are concrete payment-related actions (creating charges/sessions, updating subscriptions, handling invoices). This is not a generic tool; it directly implements payment gateway operations and thus grants direct financial execution capability.