gpt2api-openai-gateway

Fail

Audited by Snyk on Apr 21, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes multiple examples and commands that embed API keys, access tokens, and passwords directly (e.g., curl -H "Authorization: Bearer sk-your-api-key", JSON with access_token/$ADMIN_JWT, and default admin password), which requires the agent to handle or output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly reverse‑engineers and communicates with chatgpt.com (see "internal/chatgpt" + "SSE parser" and the "Detects preview_only in the tool message response" flow in SKILL.md), parsing upstream tool/messages and using those values to drive retries and generation behavior, so untrusted third‑party responses from chatgpt.com can materially influence the gateway's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes a built-in credit billing system and explicit payment integration (EPay / 易支付) for recharge, plus admin APIs to modify user credits (e.g., POST /api/admin/users/42/credits to add credits). These are specific, purpose-built financial operations (payment gateway integration and direct balance/top-up management), not generic tooling. Therefore it grants direct financial execution capability.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 21, 2026, 02:42 PM
Issues: 3