insforge-cli

Fail

Audited by Snyk on May 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains commands that pass secret values directly on the command line (e.g., deployments env set <key> <value>, inline --env '{"...":"ik_xxx"}') and exposes operations that fetch decrypted secrets (secrets get <key>), meaning an agent using this skill may be required to include secret values verbatim in its generated commands or outputs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill explicitly exposes a "Payments" surface that manages Stripe integration: commands to set Stripe test/live secret keys, sync products/prices/customers/subscriptions, configure webhooks, manage products/prices, inspect payment history, and manage customers/subscriptions. It also warns about storing and using Stripe secret keys. Because Stripe (a payment gateway) is directly integrated and the CLI provides commands that can create/update payment products, prices, keys, and subscription/customer records, this is a specific financial execution capability (payment gateway management), not just a generic API or browser tool.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: May 9, 2026, 01:50 AM
Issues: 2