upgrade-stripe

Fail

Audited by Snyk on Jun 20, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains examples that embed API secret keys directly into code and curl commands (e.g., 'sk_test_xxx' in require('stripe')('sk_test_xxx', ...) and curl -u sk_test_xxx:), which instructs the agent to include secrets verbatim and thus creates an exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The document is explicit Stripe API documentation and includes concrete, actionable examples for using the Stripe payment gateway (e.g., stripe.Customer.create, initializing the Stripe client with an API key, and a curl call to the /v1/customers endpoint with a secret key). Stripe is a payment gateway; these examples and instructions are specifically designed to interact with a payments API and can be used to create/manage payment-related objects and execute financial operations. This meets the criteria for Direct Financial Execution.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: Jun 20, 2026, 08:10 PM
Issues: 2