software-payments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Freshness Protocol explicitly instructs the agent to "start from data/sources.json" (which lists 59 external documentation links) and "run a targeted web search" for platform/features, meaning the agent is expected to fetch and interpret open/public third‑party web content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payments/billing integration. It names payment processors (Stripe, Adyen, Paddle, LemonSqueezy, RevenueCat, etc.) and contains concrete API usage and patterns that perform financial actions: creating Stripe checkout sessions, creating/updating subscriptions, creating balance transactions (credits), handling refunds, billing portal sessions, webhook-driven payment state changes, regional/multi-currency pricing, and end-to-end payment testing. These are specific, purpose-built payment operations (i.e., "send transaction"/move money) rather than generic tooling, so it grants Direct Financial Execution authority.