superise-bootstrap

Fail

Audited by Snyk on Mar 18, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to inspect container logs for the one-time initial Owner password and perform a first-run handoff (with permission to reprint that secret once), which requires reading and outputting a secret value verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs pulling images and tags from the public Docker Hub (e.g., "docker pull superise/agent-wallet:latest" and switching to the newest uploaded explicit tag) and to inspect container logs ("docker logs ...") produced by that image, meaning the agent ingests untrusted third-party content from Docker Hub and the running container logs which can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a remote Docker image via "docker pull superise/agent-wallet:latest" and "docker run ... superise/agent-wallet:latest", which fetches and executes remote code at runtime and is required for the skill to function.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for bootstrapping a local "Superise wallet" service (image superise/agent-wallet) and references the wallet's MCP endpoint, one-time Owner password, KEK rotation, and warns that /mcp is unauthenticated wallet access and must not be exposed. This is not a generic tooling skill — it is specifically about deploying a wallet service (crypto/wallet-related) which can enable signing/transaction capabilities. Therefore it meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution authority.

Issues (4)

W007  HIGH    Insecure credential handling detected in skill instructions.
W011  MEDIUM  Third-party content exposure detected (indirect prompt injection risk).
W012  MEDIUM  Unverifiable external dependency detected (runtime URL that controls agent).
W009  MEDIUM  Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 18, 2026, 02:22 AM
Issues: 4