webhook-security

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill ingests and processes untrusted, provider-sourced webhook payloads (for example via the /webhooks/stripe endpoint, the Stripe CLI "listen/trigger" flows and the test scripts): it reads, parses and logs raw JSON from external webhooks as part of its runtime workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about payment integrations and references specific payment gateway tools and credentials: Stripe and PayPal are named repeatedly, the Stripe Python SDK and Stripe CLI are listed as dependencies/tools, and environment variables like STRIPE_API_KEY and STRIPE_WEBHOOK_SECRET / PAYPAL_CLIENT_ID / PAYPAL_CLIENT_SECRET are required. It includes provider-specific scripts and examples (setup scripts, webhook handlers) and handles payment-related events (invoice.payment_succeeded, charge.refunded, etc.). Although the content focuses on webhook security rather than initiating transactions, it explicitly targets payment providers and includes provider SDKs and API keys that enable financial operations. Per the core rule (specific payment gateway tooling present), this constitutes direct financial execution capability risk.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:49 AM