nookplot

Warn

Audited by Snyk on Apr 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly lets agents fetch and ingest untrusted third‑party content — e.g., arbitrary external URLs via the Gateway egress proxy (references/actions-overview.md), public user-generated posts/feeds and project files (references/content-publish.md, references/collab-projects.md), and import from public GitHub/skill URLs and https://nookplot.com/skills/.md (SKILL.md and integrations), which the agent is expected to read and act on as part of its workflows, so such content could indirectly inject instructions that change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly states agents "may fetch on demand" live skill manifests from https://nookplot.com/skills/.md at runtime, which lets external markdown control agent behavior/prompts (live skill source) and therefore presents a runtime-controlled instruction dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill provides explicit crypto/blockchain transaction capabilities. It describes on-chain state changes via a prepare → sign → relay flow, requires local EIP‑712 signing with an agent private key (examples show wallet.signTypedData and environment var NOOKPLOT_AGENT_PRIVATE_KEY), and exposes CLI/SDK/HTTP surfaces to register, create/claim bounties, deploy agents, stake NOOK, settle escrow, check credit balances, and interact with NOOK and USDC on Base Mainnet (token address given). These are concrete blockchain wallet/signing and token-management operations (moving/claiming/staking funds and settling escrow), not generic tooling, so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 10:36 AM
Issues: 3