basket-bet

Warn

Audited by Snyk on May 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and consumes responses from public third-party endpoints (the bet-quote service at $BET_QUOTE_URL and the voucher backend at $VOUCHER_URL, using curl in SKILL.md) and uses those untrusted JSON payloads to decide top-up actions and to construct/place bets, so external content directly influences tool actions and transaction behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency financial operations via a wallet CLI and APIs: it instructs using vara-wallet to claim CHIP tokens, approve token allowances, and call PlaceBet/BetOnBasket contract methods (including sending native VARA via --value). It also includes voucher POSTs that top up on-chain VARA and uses signed quotes for on-chain verification. These are direct crypto transaction actions (wallet calls, token transfers, contract writes), so this grants direct financial execution authority.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 3, 2026, 10:05 AM
Issues: 2