ai-sdk-6-skills
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed API keys directly in code (e.g., "apiKey: 'sk-ant-...'") and explicitly says keys can be set "directly in code", which encourages placing secrets verbatim in generated outputs or code — an unsafe pattern.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill includes a "Provider-Executed Tools" example that uses openai.tools.webSearch(...) via the Vercel AI Gateway (and shows tool-based generateText calls), which fetches and ingests arbitrary public web pages/search results that the agent will read and interpret—exposing it to untrusted third-party content.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill documentation includes explicit, purpose-built payment functionality. It shows a paymentTool defined as "Process a payment" with an execute handler that returns a transaction id (e.g., txn-123) and a client-side approval UI for approving/denying payments. Additionally, the Vercel AI Gateway docs discuss billing/credits (gateway.getCredits) and requiring a credit card. These are specific, non-generic financial operations (sending/processing a payment and checking/billing credits), so the skill grants direct financial execution capability.