ai-ml-technologies

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's Quick Start example directly embeds an API key string in code (client = OpenAI(api_key="sk-...")), which encourages placing secrets verbatim in generated output and thus enables secret exfiltration.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly lists blockchain/web3 development tools (Solidity, Web3.js / Ethers.js, Hardhat, Foundry). Those libraries and frameworks are specific to blockchain interactions (contract deployment, transaction creation/signing, wallet interactions) and therefore provide explicit capabilities to craft/send blockchain transactions. This meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.