upgrade-stripe

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that embed API keys and secret tokens directly in code and curl commands (e.g., 'sk_test_xxx', curl -u sk_test_xxx:), which encourages or requires the model to output secrets verbatim if real keys are provided.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about Stripe (a payment gateway) and includes concrete, actionable Stripe API usage: server-side SDK initialization with secret keys, per-request overrides, a curl example hitting the /v1/customers endpoint, and code snippets that create customers. These are specific payment-gateway API integrations (not generic tooling), so this grants direct financial execution capability.