saas-payment-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and routes external webhook payloads from third-party payment providers (see the handleWebhook function and routeWebhookEvent mapping in SKILL.md), parsing event.type and using that data to trigger state changes and actions, so untrusted third-party content could materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for payment processing and billing. It defines a PaymentProvider interface and concrete provider implementations (Stripe example) with functions that directly perform financial operations: createCustomer, createSubscription, createCheckoutSession, issueRefund, cancelSubscription, updateSubscription (proration), and provider.issueRefund/provider.cancelSubscription calls. It mentions and targets specific payment gateways (Stripe, Paddle, LemonSqueezy) and includes refund and billing transaction logic (proration, providerPaymentId). This is a provider-specific payment integration whose primary purpose is to move or modify money/subscriptions, so it grants direct financial execution capability.