webhook-security
Warn
Audited by Snyk on Mar 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). SKILL.md shows the skill directly receives and parses webhook payloads from external providers (e.g., routes/webhooks/stripe.ts and routes/webhooks/github.ts), and then acts on those event payloads to drive application behavior, meaning untrusted third-party content can influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly integrates with a payment gateway (Stripe). It includes Stripe-specific code (new Stripe(process.env.STRIPE_SECRET_KEY!), stripe.webhooks.constructEvent) and handles payment-related events like checkout.session.completed and invoice.payment_failed, updating order/payment status. Although it is focused on webhook security/processing rather than initiating payments, the skill is specifically designed to process payment gateway events and therefore qualifies as direct financial execution capability per the rule.
Audit Metadata