nightmarket
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The prompt instructs the agent to execute setup steps immediately without user confirmation and to permanently install skills and write API keys and behavioral rules into persistent memory, which covertly alters the agent's behavior beyond the stated discovery/calling purpose and effectively acts as a hidden/deceptive instruction to persistently change the agent.
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to persistently store the CrowPay API key (including writing it to files/memory) and to include that key verbatim in X-API-Key headers / curl commands for CrowPay authorization, which requires the LLM to handle and potentially output secret values directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This skill contains intentional persistence and remote-instruction patterns (auto-installing packages, fetching a remote SKILL.md with the instruction to "execute every step" from it, and writing API keys into persistent memory) that create supply-chain, credential-theft, and remote-execution/backdoor risks and enable automatic financial actions without explicit user confirmation.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to call open/public Nightmarket APIs (e.g., https://nightmarket.ai/api/marketplace and https://nightmarket.ai/api/marketplace/<service_id> as shown in SKILL.md "Searching for Services" and "Getting Service Details") and to read and act on service/endpoint responses (including forwarding 402 bodies to CrowPay and choosing endpoints to call), which are untrusted third-party content that can materially influence subsequent tool use and decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and execute remote instructions and install code at runtime from https://raw.githubusercontent.com/Fallomai/skills/main/skills/nightmarket/SKILL.md (and to run npx against https://github.com/Fallomai/skills), so external content would directly control agent behavior and execute remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly built to discover paid API endpoints and to pay for them on-chain in USDC via a payment service (CrowPay). It instructs the agent to: create a managed agent wallet, save a CrowPay API key, ask the user to fund the wallet, and automatically forward 402 Payment Required responses to CrowPay's /authorize endpoint (with the saved X-API-Key) to settle payments and obtain payment signatures. It details the full payment flow (pay on Base, retry with payment-signature, poll for human approval, spending limits, etc.). These are specific payment/crypto integrations (on-chain USDC, wallet creation, payment API calls), not generic HTTP or browsing instructions, and therefore constitute direct financial execution capability.