sf-payments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Before Writing Code" section explicitly instructs the agent to web-search and web-fetch public Salesforce Payments setup guides and processor SDK docs (open/public third-party sources) which the agent is expected to read and use to drive implementation decisions, creating a clear path for indirect prompt injection from third‑party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to implement payment processing: it references Salesforce Payments integrating with Stripe, Adyen, PayPal, tokenization/PCI, 3DS/SCA flows, and B2C/B2B payment adapters. It defines the authorize/capture/refund/void/sale lifecycle, server-side hooks (authorize.js, capture.js, refund.js, void.js), an Apex PaymentGatewayAdapter with authorize/capture/refund/sale methods, guidance on storing API keys and webhook handling, and mentions processor SDKs and saved payment methods. These are concrete financial execution operations (sending transactions, capturing funds, issuing refunds) and integrations with payment gateways, not generic tooling.