agenticbets

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These are not direct links to .exe/.msi downloads but are high-risk: they point to an unknown GitHub repo, a custom site and APIs that instruct installing third‑party CLI code and granting Bankr API write access and ERC20 approvals — actions that can deliver malicious code or drain funds if the repo/package/site is malicious or typosquatted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches live market data from the public Markets API at https://agenticbets.dev/api/bankr/markets (see SKILL.md and fetch_markets() in scripts/agenticbets.py), and that untrusted third-party JSON is read and used to determine token addresses, predictionContract routing, and whether/when to place or claim transactions—so a malicious API response could materially change agent behavior and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain financial operations. It is built to place USDC bets and claim winnings via the Bankr Wallet Submit API (includes the exact POST endpoint, request body, headers, and sample payload), requires a Bankr API key with write/wallet access, and specifies ERC20.approve and contract bet()/claim() calls (with calldata selectors and contract addresses). Those are explicit "send transaction" actions that move funds on-chain rather than generic tooling, so this skill grants direct financial execution authority.