stripe-configure

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs placing Stripe secret/webhook keys into .env files and into CLI commands (e.g., npx convex env set "sk_..."), which requires copying secrets verbatim into output/commands and is therefore insecure.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to configure a payment gateway (Stripe): it instructs creating products and prices, configuring webhook endpoints, and setting Stripe secret/live keys across deployments. These are specific, non-generic Stripe operations (payment gateway setup and secret management) which grant the agent the ability to enable or control financial transaction processing. This meets the "Payment Gateways (Stripe...)" criterion for Direct Financial Execution.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:05 AM