pitch-submit

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill fetches and decodes user-submitted pitch data from the on-chain PitchRegistry (e.g., scripts/list-pitches.mjs calling getPitch via the public RPC at CONFIG.rpcUrl) and the SKILL.md workflow explicitly relies on downstream automated DD review of those pitches, meaning arbitrary, untrusted pitch descriptions/metadata (user-generated) are read and can influence scoring/status decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes on-chain payment functionality: it requires an agent private key (NET_PRIVATE_KEY), uses viem for blockchain interactions, names the USDC contract address on Base, and instructs the agent to "Pay pitch fee — Send USDC to the fund wallet via x402-style payment." This is a specific crypto payment flow (wallet signing and token transfer) rather than a generic API or browser automation, so it grants direct financial execution capability.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 10:04 PM