route-handler-design
Warn
Audited by Snyk on Jun 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). At runtime, the skill’s required workflow for public Route Handlers reads the incoming HTTP request body via
request.text()/request.json()/request.formData()etc., which is attacker-controlled free text from an outsider (the caller) and is then placed into the agent’s LLM context through the handler’s parsed/processed content.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly references and demonstrates integrating with a payment gateway (Stripe) — e.g. importing a stripe client and calling stripe.webhooks.constructEvent to verify Stripe webhooks. This is a specific payment-gateway API (Stripe) rather than a generic HTTP/tooling example, so it grants direct financial-execution relevant capability (handling payment events and enabling payment-related flows).
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata