executing-workflow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This skill instructs the agent to ask the user for missing data (e.g., API keys), accept those responses as data, populate templates with “gathered data”, and pass resolved upstream data to subagents—behavior that can cause secrets to be included verbatim in generated outputs or commands.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill's data-source handling includes a platform-specific CLI branch that explicitly checks for a STRIPE_API_KEY and gives a concrete example command ("bun tools/clis/stripe.ts subscriptions list ..."). That is an explicit integration point for a payment gateway (Stripe). Even though the shown example is read-only (listing subscriptions), the presence of a Stripe-specific API key and a dedicated stripe CLI tool indicates the skill can be wired to payment-gateway operations and therefore exposes direct financial execution authority.