gitlawb

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These links point to an unvetted third‑party project that directs users to install and run binaries (npm -g packages, Homebrew tap, GitHub releases, and a curl | sh installer), which are high‑risk distribution vectors if the publisher/org is not trusted or audited.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly shows the agent fetching and acting on content from the public gitlawb node (e.g., https://node.gitlawb.com and gitlawb:// repos) — commands and MCP/OpenCode tools like repo_tree, pr_view/pr_diff, issue_view, bounty_show, and task_list/claim read user-generated repos, PRs, issues, bounties and task payloads that the agent is expected to interpret and can drive follow-on actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes explicit crypto/blockchain and escrow/payment functions. It includes Base L2 name-registration commands that accept a private key (e.g., "gl name register --private-key $ETH_PRIVATE_KEY" and "gl name register-did --private-key ") — i.e., signing and submitting on-chain transactions. It also implements bounty features with monetary amounts and escrow semantics (e.g., "gl bounty create ... --amount ", "gl bounty approve " / "Approve and release escrow", and MCP tool "bounty_approve | Approve and release escrow"). Those are specific financial operations (on-chain payments/escrow release and transaction signing), not generic tooling, so this grants direct financial execution authority.