bounty-hunter

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs autonomous monitoring and ingestion of public, user-generated content from third-party sites (e.g., GitHub issues, Upwork listings, HackerOne/Bugcrowd) as part of its core "Opportunity Discovery" workflow (see SKILL.md, README.md, and references/platforms.md), so that content is read and used to drive decisions and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes payout management and automatic claiming behavior. It instructs the agent to "Attempt to claim payouts via stored credentials," to verify payouts with scripts (scripts/check_payouts.py), and accepts fiat and specific crypto (USD, BTC, ETH, USDC/USDT). These are explicit, purpose-built instructions to access and claim funds (i.e., move money), not generic browsing or logging. Under the core rule, this is a specific financial execution capability.

Audit Metadata

Risk Level: MEDIUM

Analyzed: Mar 1, 2026, 02:17 AM