flow-nexus-platform
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains numerous examples that embed API keys, tokens, passwords, and database URLs directly into function calls and env_vars (e.g., "your_api_key", "sk-ant-...", database URLs with user:pass), which instructs the agent to include secret values verbatim in generated code/requests and thus poses a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill exposes the agent to untrusted, user-generated content because it includes app-store and template browsing/reading APIs (e.g., mcp__flow-nexus__app_search, mcp__flow-nexus__app_get, mcp__flow-nexus__template_list) and can retrieve public file URLs or fetch arbitrary external URLs (mcp__flow-nexus__storage_get_url, sandbox_execute examples), which the agent would read and act on.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill includes explicit payment and credit-management APIs: mcp__flow-nexus__create_payment_link(...) which returns a secure Stripe payment URL (explicit payment gateway integration), mcp__flow-nexus__configure_auto_refill(...) to automatically purchase credits, and mcp__flow-nexus__app_store_earn_ruv(...) which programmatically adjusts user credits. These are specific, purpose-built financial operations (creating payment links, auto-purchasing credits, and credit transfers), not generic tooling, and thus constitute direct financial execution capability.