create-agentic-app
Fail
Audited by Snyk on Jun 14, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user for API keys/tokens (e.g., OPENROUTER_API_KEY, Blob/Polar tokens) and to insert them verbatim into .env or use them in commands, which requires the LLM to handle secret values directly and creates an exfiltration risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to WebFetch external provider docs at runtime (e.g., https://www.better-auth.com/docs/authentication/google and https://resend.com/docs/send-with-nodejs) and to use the fetched content to shape code changes in auth.ts / send() calls, so remote content directly controls the agent's instructions and resulting code edits.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly offers a "Payments with Polar" production integration (Polar + ngrok) and instructs the agent to read and walk the user through the Polar section of the production-extras reference. Polar is a specific payment gateway/provider, so this skill includes explicit, named payment integration steps (credential/configuration and setup), which constitutes direct financial execution capability.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata