crow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill’s curl examples and flow require including an API key (X-API-Key), sptTokens and similar tokens directly in HTTP headers/requests, forcing the agent to handle and emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to consume and forward entire HTTP 402 response bodies from external APIs (e.g., "pass the full 402 response body" in SKILL.md and references/x402-flow.md), meaning untrusted third-party API responses are read and can directly change payment/ retry behavior and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements payment functionality. It creates agent wallets (walletAddress, funding instructions), handles on-chain crypto payments (x402 / USDC on Base) including authorize and settle endpoints, and integrates credit-card payments via Stripe (POST /authorize/card returns sptToken/transactionId). It exposes API keys, spending rules, approval flows, and signed payment payloads/tokens used to complete transactions. This is not a generic HTTP tool — its primary purpose is to move money (crypto transfers and card charges) on behalf of an agent.