didit-biometric-age-estimation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt’s examples and request templates explicitly require an x-api-key header and show embedding API keys/passwords directly in requests/env vars, which encourages the LLM to include secret values verbatim in generated code or commands.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit billing endpoints (GET /v3/billing/balance/ and POST /v3/billing/top-up/ with {"amount_in_dollars": ...}) that initiate a Stripe checkout link to add credits. This is a concrete payment-gateway integration (Stripe) capable of initiating payment/top-up flows, so it provides direct financial execution capability.