trigger-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md's "Webhook Handler" section shows the skill ingesting and acting on third‑party webhook payloads (e.g., Stripe, GitHub) which are untrusted/user-controlled and are parsed to drive task behavior (switching on payload.type and invoking handlers), creating a clear vector for indirect prompt/instruction injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly lists a Stripe integration and includes webhook handling for Stripe events (e.g., handling checkout.session.completed and customer.subscription.updated). It references @trigger.dev/stripe and workflows for Stripe webhooks and subscription/checkout handling, which are specific payment gateway capabilities capable of creating/processing charges or subscription updates. This constitutes direct financial execution authority.