agent-card
Fail
Audited by Snyk on Apr 12, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly fetches decrypted PAN/CVV/expiry via get_card_details and allows the agent to display or use full card numbers (e.g., to fill payment forms) on user request, which requires the LLM to output secrets verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Chrome-extension checkout workflows (detect_checkout, fill_card, pay_checkout) explicitly read and act on the current browser tab / checkout pages (arbitrary third-party websites), as described in SKILL.md, so untrusted web content can be interpreted and influence tool actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to manage and use prepaid virtual Visa cards and integrates with Stripe. It exposes specific actions to create funded cards (create_card with amount_cents), save/remove payment methods via Stripe (setup_payment_method, remove_payment_method), view transactions, fill checkout forms and auto-pay (fill_card, pay_checkout), and close cards. These are concrete payment operations and APIs for moving funds/processing payments (not generic tools), so it provides direct financial execution capability.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).