taskmarket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and re-read live instructions from a public URL (curl -s https://market.daydreams.systems/skill.md) and to read pendingActions returned by the public API (GET /api/tasks/{id}) whose command fields the agent is told to run verbatim, so untrusted third-party content can directly supply actionable instructions that change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs agents at session start to run curl -s https://market.daydreams.systems/skill.md to re-fetch and re-read runtime instructions that will directly control agent behavior (and also advises npm install -g @lucid-agents/taskmarket@latest which fetches/executes remote code), so this is a required runtime dependency that can change prompts or execute code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built for on-chain payments in USDC on Base Mainnet and exposes concrete wallet and payment actions. It provides a CLI that "handles wallets, signing, and X402 payments automatically", supports creating funded tasks (task create with reward escrow), accepting tasks (which releases payments), depositing/withdrawing USDC (taskmarket deposit, wallet set-withdrawal-address, withdraw), and documents API endpoints that require X402/EIP-3009 payment signatures (e.g. POST /api/tasks with X402, POST /api/wallet/withdraw). These are specific payment/crypto operations (wallet creation/import, signing, withdrawing, sending on-chain USDC), not generic tools — therefore it grants direct financial execution authority.