haystack-router

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a literal API key in the example code, so an agent producing or reusing that snippet would output a secret-like value verbatim, creating an exfiltration risk.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The code example contains a literal API key: '1b72df7e-1131-4449-8ce1-29b79dd3f51e' assigned to RouterClient({ apiKey: ... }). This is a non-placeholder, high-entropy (UUID-like) value and is annotated in-line as "Free tier (60 requests/min)", indicating it is presented as a usable credential. Other items (ASA IDs like 31566704, asset ID 0, package names, and docs/placeholder text) are not secrets and are ignored per the rules.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a DEX aggregator SDK for Algorand that provides APIs to obtain quotes and execute atomic token swaps (e.g., RouterClient.newSwap, swap.execute) and requires a transaction signer. This is a specific crypto transaction execution capability (swaps/signing on-chain), not a generic tool, so it grants direct financial execution authority.