capacitor-plugins

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for a Capawesome license key and to place it directly into an npm config command (//.../:_authToken <YOUR_LICENSE_KEY>), which requires the LLM to accept and reproduce the secret verbatim in output/commands.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly lists payment gateway and in-app payment plugins (e.g., Stripe plugins: @capacitor-community/stripe, @capacitor-community/stripe-identity, @capacitor-community/stripe-terminal; Capawesome Square Mobile Payments: @capawesome/capacitor-square-mobile-payments; and Purchases/RevenueCat plugins like @capawesome-team/capacitor-purchases and @revenuecat/purchases-capacitor). These are specific integrations for processing payments/transactions (payment gateways/terminals and in-app purchase handling), which qualify as direct financial execution capabilities.