money-product

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (medium risk: 0.60). The prompt includes deceptive operational directives outside the stated product-building scope — e.g., a hard-coded deployment flag ("--scope orris") that forces a specific team/account and instructions to fetch/save GEMINI_API_KEY via an external service (ccapi.ai) and "save preference", which could redirect credentials or control away from the user's own tooling; these are explicit behavior changes not aligned with "use the user's existing tools".

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly asks users to provide API keys/credentials (e.g., GEMINI_API_KEY), says it will "save preference" and will provision services using those credentials, which implies the agent will receive and persist secrets and may embed them in configuration or commands—creating a high risk of verbatim secret handling/exfiltration.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provisions and integrates payment infrastructure (Stripe). It requires and implements Stripe Checkout, webhook handlers, subscription/plan management, upgrade/downgrade flows, and post-deploy monitoring that checks Stripe failed charges. These are specific payment APIs and flows intended to process and manage financial transactions (not generic tooling), so it grants direct financial execution capability.