ai-native-product-building

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs users to paste raw data and explicitly tells the agent to "Integrate the Stripe test key" and connect hosting/providers, which encourages accepting and embedding API keys/credentials verbatim into generated code or commands, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to ingest external Figma design URLs (e.g., bolt.new/[FIGMA_URL]) and to paste raw third-party/user-generated data like LinkedIn bios or CSV rows, which the agent is expected to read and interpret to build the app.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to use a constructed URL like bolt.new/[FIGMA_URL] to fetch Figma design assets which are then ingested to drive the agent's prompt/context and code generation, so bolt.new/[FIGMA_URL] is a runtime external dependency that directly controls the agent.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references integrating Stripe for billing (e.g., "Include a Stripe integration for monthly subscriptions" and "Integrate the Stripe test key"). Stripe is a specific payment gateway API, and mentioning test keys/integration shows the agent is being directed to set up payment processing. That constitutes direct financial execution capability (payment gateway integration).