op0-altar

Fail

Audited by Snyk on Mar 17, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to autonomously generate an API key and then display/save the returned api_key value (telling the user to add it to config), which requires the LLM to handle and output the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to call the public API at https://api.op0.live/functions/v1/altar-api-public (endpoints like list, info, payout-tokens and status) and to read/respond based on returned altar/token fields (e.g., token_description, website, token_twitter, altar_url) which are user-provided/untrusted and can change polling/decision logic and follow-up actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly built around cryptocurrency token lifecycle and payout operations on Solana. It exposes an API (base URL + X-API-Key) with actions to "create" an altar/token (deploying tokens), returns treasury and dev_wallet addresses and an exact SOL amount required for funding, exposes live treasury balances, and supports payout-token configuration and automatic holder rewards in many listed tokens. The MCP integration also exposes dedicated tools (op0_create_altar, op0_check_altar_status, op0_altar_info, etc.) that directly manage token creation and treasury/payout state.

These are specific crypto/blockchain financial operations (token deployment, treasury funding, and automated payouts), not generic HTTP or browser tooling. Even though the user is asked to send SOL to a returned wallet, the skill initiates and manages on-chain financial behavior. Therefore it grants direct financial execution capability.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 17, 2026, 01:18 AM
Issues: 3