Skip to main content

fondo-webhooks-events

Enables event-driven financial workflows using webhooks from Stripe, Gusto, and Plaid for efficient financial management.

Install this skill

or
21/100

Security score

The fondo-webhooks-events skill was audited on May 17, 2026 and we found 23 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 53

Template literal with variable interpolation in command context

SourceSKILL.md
53console.log(`Revenue: $${amount}`);
medium line 73

Template literal with variable interpolation in command context

SourceSKILL.md
73console.log(`Payroll processed: $${totalPayroll}`);
medium line 76

Template literal with variable interpolation in command context

SourceSKILL.md
76await sendAlert(`Payroll exceeded budget by ${((totalPayroll / monthlyPayrollBudget - 1) * 100).toFixed(0)}%`);
medium line 2

Webhook reference - potential data exfiltration

SourceSKILL.md
2name: fondo-webhooks-events
medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md
3description: 'Implement event-driven financial workflows using webhooks from Fondo-connected
medium line 7

Webhook reference - potential data exfiltration

SourceSKILL.md
7Trigger: "fondo webhooks", "fondo events", "stripe payroll webhooks", "financial
medium line 21

Webhook reference - potential data exfiltration

SourceSKILL.md
21# Fondo Webhooks & Events
medium line 25

Webhook reference - potential data exfiltration

SourceSKILL.md
25Fondo itself does not send webhooks. Instead, build event-driven workflows using webhooks from the same providers Fondo connects to: Stripe (revenue), Gusto (payroll), Plaid (bank transactions), and M
medium line 27

Webhook reference - potential data exfiltration

SourceSKILL.md
27## Provider Webhooks
medium line 38

Webhook reference - potential data exfiltration

SourceSKILL.md
38### Stripe Revenue Webhook
low line 44

Webhook reference - potential data exfiltration

SourceSKILL.md
44app.post('/webhooks/stripe', express.raw({ type: '*/*' }), (req, res) => {
low line 46

Webhook reference - potential data exfiltration

SourceSKILL.md
46const event = stripe.webhooks.constructEvent(
low line 47

Webhook reference - potential data exfiltration

SourceSKILL.md
47req.body, sig, process.env.STRIPE_WEBHOOK_SECRET!
medium line 64

Webhook reference - potential data exfiltration

SourceSKILL.md
64### Gusto Payroll Webhook
low line 67

Webhook reference - potential data exfiltration

SourceSKILL.md
67// Gusto sends webhooks when payroll is processed
low line 68

Webhook reference - potential data exfiltration

SourceSKILL.md
68app.post('/webhooks/gusto', express.json(), async (req, res) => {
medium line 85

Webhook reference - potential data exfiltration

SourceSKILL.md
85- [Stripe Webhooks](https://stripe.com/docs/webhooks)
medium line 86

Webhook reference - potential data exfiltration

SourceSKILL.md
86- [Gusto Webhooks](https://docs.gusto.com/)
medium line 87

Webhook reference - potential data exfiltration

SourceSKILL.md
87- [Plaid Webhooks](https://plaid.com/docs/api/webhooks/)
low line 42

Access to .env file

SourceSKILL.md
42const stripe = new Stripe(process.env.STRIPE_API_KEY!);
low line 47

Access to .env file

SourceSKILL.md
47req.body, sig, process.env.STRIPE_WEBHOOK_SECRET!
low line 85

External URL reference

SourceSKILL.md
85- [Stripe Webhooks](https://stripe.com/docs/webhooks)
low line 87

External URL reference

SourceSKILL.md
87- [Plaid Webhooks](https://plaid.com/docs/api/webhooks/)
Scanned on May 17, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categoryfinance accounting
UpdatedJune 13, 2026
claude-codeapiaccountantfinancial-analystgrowth-marketerbusiness-developmentsales-operationsstripegustoplaidfinance accountingmarketingsales
jeremylongshore/claude-code-plugins-plus-skills