route-handler-design

Warn

Audited by Snyk on Jun 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). At runtime, the skill’s required workflow for public Route Handlers reads the incoming HTTP request body via request.text() / request.json() / request.formData() etc., which is attacker-controlled free text from an outsider (the caller) and is then placed into the agent’s LLM context through the handler’s parsed/processed content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly references and demonstrates integrating with a payment gateway (Stripe) — e.g. importing a stripe client and calling stripe.webhooks.constructEvent to verify Stripe webhooks. This is a specific payment-gateway API (Stripe) rather than a generic HTTP/tooling example, so it grants direct financial-execution relevant capability (handling payment events and enabling payment-related flows).

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 07:51 AM
Issues
2
Security Audit — snyk — route-handler-design