connected-function-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill defines HTTP endpoints and webhook receivers that directly ingest and interpret external request bodies from third-party clients (e.g., the /process and /webhooks/stripe handlers and other POST routes in routes.ts), so untrusted external content can influence processing and downstream actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill documentation explicitly includes payment gateway integration examples and configuration: it references STRIPE_API_KEY in examples and .env, a /webhooks/stripe route that verifies stripe-signature via verifyStripeSignature and processes Stripe events, and even recommends naming like "stripe-integration". These are specific, non-generic references to a payment gateway API (Stripe), which qualifies as direct financial execution capability.