payment-integration

Facilitates secure payment integration with Stripe and PayPal, ensuring compliance and best practices for checkout and subscriptions.

Security score: 40/100

The payment-integration skill was audited on Mar 2, 2026 and we found 12 security issues across 1 threat category. Review the findings below before installing.

Categories Tested

Security Issues

Severity: medium, line 3
Webhook reference - potential data exfiltration
Source: SKILL.md, line 3: description: Integrate Stripe, PayPal, and payment processors. Handles checkout flows, subscriptions, webhooks, and PCI compliance. Use PROACTIVELY when implementing payments, billing, or subscription

Severity: medium, line 32
Webhook reference - potential data exfiltration
Source: SKILL.md, line 32: - Webhook handling for payment events

Severity: medium, line 41
Webhook reference - potential data exfiltration
Source: SKILL.md, line 41: 5. Comprehensive webhook handling for async events

Severity: medium, line 45
Webhook reference - potential data exfiltration
Source: SKILL.md, line 45: ### Webhook Security & Idempotency

Severity: medium, line 46
Webhook reference - potential data exfiltration
Source: SKILL.md, line 46: - **Signature Verification**: ALWAYS verify webhook signatures using official SDK libraries (Stripe, PayPal include HMAC signatures). Never process unverified webhooks.

Severity: medium, line 47
Webhook reference - potential data exfiltration
Source: SKILL.md, line 47: - **Raw Body Preservation**: Never modify webhook request body before verification - JSON middleware breaks signature validation.

Severity: medium, line 48
Webhook reference - potential data exfiltration
Source: SKILL.md, line 48: - **Idempotent Handlers**: Store event IDs in your database and check before processing. Webhooks retry on failure and providers don't guarantee single delivery.

Severity: medium, line 50
Webhook reference - potential data exfiltration
Source: SKILL.md, line 50: - **Server Validation**: Re-fetch payment status from provider API. Never trust webhook payload or client response alone.

Severity: medium, line 60
Webhook reference - potential data exfiltration
Source: SKILL.md, line 60: - Payment processor collapse during traffic spike → webhook queue backups, revenue loss

Severity: medium, line 61
Webhook reference - potential data exfiltration
Source: SKILL.md, line 61: - Out-of-order webhooks breaking Lambda functions (no idempotency) → production failures

Severity: medium, line 64
Webhook reference - potential data exfiltration
Source: SKILL.md, line 64: - Webhook signature skipped → system flooded with malicious requests

Severity: medium, line 70
Webhook reference - potential data exfiltration
Source: SKILL.md, line 70: - Webhook endpoint implementations
Scanned on Mar 2, 2026