payram-auth

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs extracting and pasting JWT access/refresh tokens and merchant passwords into requests and curl commands (and includes literal token/password examples), which requires the agent to handle and embed secret values verbatim in outputs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for a payment gateway (PayRam) authentication. It provides merchant signin, refresh token flows, token extraction, and examples for calling PayRam payment-related APIs (e.g., payment summary, sweeps, dashboard data). Although the skill focuses on auth, it is specifically designed to grant merchant-level access to payment APIs and thereby enables financial operations. This meets the "payment gateway" criterion for Direct Financial Execution authority.