paperboy

Fail

Audited by Snyk on Apr 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to make authenticated POSTs using STX signature auth and to send x-stx-address and x-stx-signature headers, which requires embedding or including verbatim secret signature values in requests and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "Browse the daily brief at aibtc.news" and the AGENT.md decision logic says to "Use aibtc-news skill to fetch the daily brief"; this is a public, user-submitted signal feed that the agent must read and use to choose deliveries and actions, so untrusted third-party content can directly influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly tied to crypto payments and wallet signing: it pays "sats" with weekly payouts via sBTC, asks applicants to provide a BTC address, and requires STX signature authentication (instructions to sign a message with stacks_sign_message and send x-stx-address / x-stx-signature headers) for write endpoints. These are specific crypto/blockchain integrations (wallet signing + payout address) rather than generic tooling, so it meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for direct financial execution risk.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Apr 16, 2026, 06:41 AM
  • Issues: 3