payment-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill contains explicit runtime network reads from third-party endpoints (e.g., getExchangeRates fetch('https://api.exchangerate-api.com/v4/latest/USD') in references/multi-provider-order-management-patterns and many provider API/webhook calls to Polar/Paddle/Creem shown across the references and implementation workflows) and then parses those responses to drive decisions (currency conversion, discount sync, order processing, webhook-driven actions), so untrusted external content can materially influence tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payment-integration toolkit for specific payment gateways (SePay, Polar, Stripe, Paddle, Creem.io) and includes gateway-specific APIs/endpoints, checkout session generation, transaction endpoints, subscription management, QR payments, revenue splits, and scripts for webhook verification and checkout creation. These are direct financial execution capabilities (payment processing, creating checkout sessions, handling transactions/subscriptions, splitting revenue) rather than generic tooling. This matches the "Payment Gateways / send transaction / manage subscriptions" criteria for Direct Financial Execution.