subscription-schemas

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). This skill explicitly ingests external webhook payloads from payment providers (Stripe/Paddle/LemonSqueezy) into the webhook_events.payload JSONB column (templates/webhook_events_table.sql / webhook_events table). It also includes processing/replay logic and queries that expect the system to read and interpret those third-party webhook bodies, which are untrusted external inputs.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 03:29 AM