Agent Card Provisioning
Fail
Audited by Snyk on Feb 27, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt exposes and instructs use of full sensitive card data (PAN, CVV, expiry) in example responses and implies returning/including those values verbatim (via proxy.cards.get_sensitive), which requires the LLM to handle secrets directly.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). The prompt contains a full primary account number (PAN) and CVV together: pan: "4532015112830366", cvv: "847", expiryMonth/Year present — these are literal, high-entropy payment credentials that can be used to complete transactions (PCI-sensitive). They are not placeholders, redacted, or simple example words, so they meet the criteria for a real secret.
Ignored items / false positives:
- id: "int_abc123", cardId: "card_xyz789", last4: "4242" are placeholder/test-looking values and not secrets per the rules.
- The billing address is PII but not a secret credential under the provided definition.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provisions virtual payment cards and payment intents, issues cards, exposes full PAN/CVV via proxy.cards.get_sensitive, and tracks transactions. Those are specialized, purpose-built financial APIs to enable payments (create payment intent, issue a card to be used for purchases, retrieve sensitive card data, and list transactions). This is not a generic tool — its primary and explicit function is to execute financial transactions on behalf of agents.