openydt-flow-park-access

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes billing domain commands and a concrete payment operation: it documents calling "openydt trade get-park-fee" to retrieve the amount and then "openydt trade pay-park-fee --yes" to submit the payment (with fields such as parkingCode, chargeDate, actPayCharge, paymentMode, billCode). That is a specific, targeted API for executing real monetary transactions (parking fee payment), not a generic HTTP or browser tool. Although the SOP advises asking the user before paying, the skill plainly grants the agent the ability to perform payments and handle billing tokens and constraints (e.g., a 10-minute token window). It therefore provides Direct Financial Execution capability.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (2)

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
  • W021 (MEDIUM): Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 01:16 PM
Issues: 2