self-improve

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly configures and uses external MCP servers (e.g., Notion pages and Exa crawling via opencode.json and the "Notion MCP Skills page" described in the Learnings Log) as runtime context that the agent fetches and interprets, exposing it to untrusted, user-editable third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The opencode.json lists a runtime MCP server at https://www.0.finance/api/mcp, which the agent will call at runtime as an external tool endpoint. That endpoint provides context and tools and is able to execute remote actions that can affect prompts and behavior, so it is a required external runtime dependency that can control agent execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly references crypto/financial integrations and tooling: it lists a "safe-infrastructure" agent for Safe wallet operations, a "new-vault-implementation" agent for adding DeFi vaults, a "zero-finance" MCP server, and project files like a transaction relay and safe management. It also documents wallet architecture (EOA signing, Smart Wallet/Safe, primary Safe where funds reside). These are specific blockchain/transaction capabilities (wallets, signing, relays/vaults), not generic tooling, and therefore constitute direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 02:53 AM