capacitor-plugins

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user for a Capawesome license key and to insert it verbatim into an npm config command (//npm.registry.capawesome.io/:_authToken <YOUR_LICENSE_KEY>), which requires the LLM to handle and output a secret value directly.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly lists payment gateway and in-app payment plugins (e.g., Stripe plugins: @capacitor-community/stripe, @capacitor-community/stripe-identity, @capacitor-community/stripe-terminal; Capawesome Square Mobile Payments: @capawesome/capacitor-square-mobile-payments; and Purchases/RevenueCat plugins like @capawesome-team/capacitor-purchases and @revenuecat/purchases-capacitor). These are specific integrations for processing payments/transactions (payment gateways/terminals and in-app purchase handling), which qualify as direct financial execution capabilities.