crow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to embed API keys and returned tokens/payloads verbatim in curl headers and commands (e.g., X-API-Key: crow_sk_..., payment-signature, sptToken), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires forwarding and interpreting the full HTTP 402 response body from third-party APIs as the "paymentRequired" input (see SKILL.md and references/x402-flow.md where it says to "pass the full 402 response body" to POST /authorize), which is untrusted, user-generated/open-web content that can materially influence payment/agent decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payment service: it provisions agent wallets (walletAddress, apiKey), handles USDC on Base x402 payments (POST /authorize, settle on-chain), and performs credit-card payments via Stripe (POST /authorize/card, sptToken). It includes endpoints to create wallets, authorize and execute payments, poll approval status, and settle transactions. These are specific, purpose-built financial operations (crypto wallet payments and Stripe card charges), not generic HTTP or automation tools.