gitlawb

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands and flags that pass private keys and secrets directly (e.g., --private-key, --secret, examples embedding $ETH_PRIVATE_KEY or CLI args), which would require the LLM to include secret values verbatim in generated commands or code.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs point to a single, non‑well‑known domain (gitlawb.com) that offers direct installers and a curl | sh install script plus hosted binaries — a high‑risk distribution pattern unless you can verify the project source, checksums/signatures, and the maintainers (npm and GitHub links reduce but do not eliminate the risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and consumes public, user-generated content from the node (e.g., https://node.gitlawb.com and its public API endpoints like /api/v1/repos, /api/v1/pulls, /api/v1/bounties, and /tasks) which the agent is expected to read via MCP tools (repo_tree, pr_diff, pr_view, task_list/claim, bounty_list/claim, etc.) and then take decisions/actions (reviews, merges, task claims, bounty approvals), so untrusted third-party content could inject instructions that influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup/install steps explicitly run curl -sSf https://gitlawb.com/install.sh | sh (in both INSTALL and scripts/setup.sh), which fetches and executes remote code at runtime to install the required "gl" CLI, so https://gitlawb.com/install.sh is a runtime-executed external dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes crypto/blockchain financial operations. It supports token-denominated bounties with on-chain escrow (gl bounty create/claim/submit/approve — with “approve” described as releasing escrow), requires an ETH_PRIVATE_KEY for Base L2 transactions/name registration, exposes MCP tools like bounty_approve (Approve + release escrow) and ucans for delegation, and references Bankr wallet commands to view wallet balance and receive payouts. These are specific, built-in functions to move or release funds on-chain, not just generic APIs or browser automation.