predict-worknet
Fail
Audited by Snyk on May 6, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Suspicious — both links point to code on unverified GitHub accounts (a raw install.sh intended to be piped to sh and a wallet repo to clone/npm-install), which can execute arbitrary code and should be treated as high risk unless you verify the authors, inspect the scripts, and validate signatures/checksums in a safe environment.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run predict-agent (see SKILL.md) which fetches market context/klines, orderbook data, _internal.next_command and math "challenge" text from remote coordinator/AWP APIs (e.g., PREDICT_SERVER_URL https://api.agentpredict.work and https://api.awp.sh), and those untrusted third‑party responses are read and must be followed or used to form submissions, so external content can directly influence tool use and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs running remote install commands that fetch-and-execute code at runtime (e.g., curl -sSL https://raw.githubusercontent.com/awp-worknet/prediction-skill/main/install.sh | sh and git clone https://github.com/awp-core/awp-wallet.git then npm install), which downloads and executes required binaries/scripts and therefore is a high-risk runtime external dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto market operations: it directs the agent to use the predict-agent CLI to fetch market context, submit predictions (orders) with tickets, size positions, cancel orders, check orders and wallet status, and even create/manage an awp-wallet. Those are concrete, purpose-built commands for placing and managing market bets and interacting with a wallet/coordinator (i.e., crypto/market-order functionality), not generic tooling. This grants direct financial execution capability.
Issues (4)
E005
CRITICAL: Suspicious download URL detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata