stripe-directory

Fail

Audited by Snyk on Jun 14, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to extract HTTP 402 WWW-Authenticate challenge values and other payment/approval tokens and pass them verbatim into CLI commands (e.g., mpp decode --challenge "", mpp pay --spend-request-id ), which requires handling and outputting sensitive tokens.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent at runtime to resolve and curl MPP endpoints (e.g., https://mpp.dev/services# and the raw <endpoint_url>) and parse the HTTP 402 WWW-Authenticate challenge, which directly controls payment amount and subsequent agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly supports purchasing MPP-supported services and provides detailed, actionable payment instructions and commands. It tells the agent to find MPP-supported results, resolve mpp.slug / mpp.url, read the HTTP 402 challenge to get the price, and then execute payment flows using specific payment tools (Link CLI, Tempo, Privy Agent Wallet CLI, mppx). It includes concrete commands and sequences that create spend requests and call mpp pay (e.g., mpp decode, spend-request create, mpp pay), and references crypto wallets and Stripe-native payment tooling. These are specific financial execution capabilities (payment gateways/crypto wallet flows), not generic tools.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: Jun 14, 2026, 06:59 AM
Issues: 3