add-org

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks for LITELLM_API_KEY and shows a curl command that embeds it in the Authorization header, which forces the agent to include the secret verbatim in generated output (high exfiltration risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly calls a specific admin API (POST /organization/new) to create an organization and includes a "max_budget" field that the agent is instructed to set (e.g., "500.00"). This is not a generic HTTP tool: it's a defined endpoint for provisioning orgs and updating budget limits, which constitutes programmatic modification of spending controls. Per the decision rules, APIs that update budgets/financial limits are considered direct financial execution capability.