third-party-integration
Facilitates seamless integration with external APIs, ensuring robust error handling and data transformation for various services.
Install this skill
Security score
The third-party-integration skill was audited on Feb 12, 2026 and we found 16 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 39 | 'Authorization': `Bearer ${this.apiKey}`, |
Webhook reference - potential data exfiltration
| 226 | async handleWebhook(event) { |
Webhook reference - potential data exfiltration
| 241 | // Webhook endpoint |
Webhook reference - potential data exfiltration
| 242 | app.post('/webhooks/stripe', express.raw({type: 'application/json'}), async (req, res) => { |
Webhook reference - potential data exfiltration
| 246 | const event = stripe.webhooks.constructEvent( |
Webhook reference - potential data exfiltration
| 249 | process.env.STRIPE_WEBHOOK_SECRET |
Webhook reference - potential data exfiltration
| 252 | await paymentService.handleWebhook(event); |
Webhook reference - potential data exfiltration
| 320 | async handleWebhook(event) { |
Webhook reference - potential data exfiltration
| 485 | - Validate webhook signatures |
Webhook reference - potential data exfiltration
| 499 | - Trust unvalidated webhook data |
Access to .env file
| 134 | apiKey: process.env.STRIPE_API_KEY, |
Access to .env file
| 150 | const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY); |
Access to .env file
| 249 | process.env.STRIPE_WEBHOOK_SECRET |
Access to .env file
| 264 | sgMail.setApiKey(process.env.SENDGRID_API_KEY); |
Access to .env file
| 271 | from: process.env.FROM_EMAIL, |
External URL reference
| 135 | baseUrl: 'https://api.stripe.com/v1', |