payment-processing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime path ingests outsider-authored free text via payment provider webhooks: app/api/webhooks/stripe/route.ts reads const body = await req.text() and app/api/webhooks/polar/route.ts reads const body = await req.text(), then parses/uses that content (constructEvent / JSON.parse) as LLM context-relevant data (even though signature-verified, the webhook payload is authored by an external party).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for payment processing and integrates with payment gateways. It contains concrete, actionable calls to payment APIs (e.g., stripe.checkout.sessions.create, stripe.billingPortal.sessions.create, webhook signature verification and handlers, and polar.checkouts.create) and covers subscription management, refunds, and server-side creation of checkout sessions. These are specific financial execution operations (creating payment sessions, managing subscriptions, processing refunds) rather than generic tooling.