agent-card

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes a get_card_details action that returns decrypted PAN/CVV/expiry and instructs the agent to display those full card credentials on user request, which requires the LLM to handle and output sensitive secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Paying for Things (Chrome Extension)" workflow shows the agent calling detect_checkout / fill_card / pay_checkout via a Chrome extension that reads the current browser tab (arbitrary third‑party checkout pages) and then interprets that page to auto-fill or create cards, so untrusted webpage content can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to manage and transact with prepaid virtual Visa cards and integrates with Stripe for payment methods. It exposes specific actions to create funded cards (create_card, with amount and sandbox options), set up/remove a Stripe payment method (setup_payment_method, remove_payment_method), auto-pay at checkouts (pay_checkout, fill_card), list transactions, and close cards. These are direct financial operations (creating/payment-capable cards and invoking Stripe checkout flows), not generic tooling. Therefore it grants direct financial execution capability.