coal-miner

Warn

Audited by Snyk on Mar 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's required mining workflow (Step 1 in SKILL.md) calls https://coalmine.fun/api/challenges/request and returns a doc — a long prose document the agent is required to read and use to produce the 10 answers (see "Step 2: Solve the Challenge" and "Output format (critical)"), so untrusted third-party content directly influences the agent's decisions and prompt behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill performs runtime requests to https://coalmine.fun (e.g., https://coalmine.fun/api/challenges/request) to fetch the challenge "doc" and questions which are injected into the model prompt and thus directly control agent instructions and are required for the skill to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes crypto/blockchain payment flows: detailed Jupiter Lite API steps to swap SOL→COAL (request a quote, POST /swap, deserialize swapTransaction, sign with your keypair, and sendRawTransaction on mainnet), explicit SPL mint IDs and raw amounts, and instructions to claim epoch rewards by requesting an unsigned on-chain Solana transaction, deserializing it, signing it with the wallet private key, and broadcasting it. These are specific on-chain transaction construction, signing and submission actions (moving tokens), not generic HTTP or browsing instructions, so the skill grants direct financial execution capability.

Issues (3)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 02:26 AM
Issues: 3