daemon-intelligence

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly documents Authorization headers (e.g., "Authorization: Bearer daemon_") and directs the agent to manage/use daemon_ API keys, which creates scenarios where the LLM would need to accept and embed user secrets verbatim in requests or generated code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls external web sources via the Exa web-search tools and the Discover endpoint (references/agent-endpoints.md and references/agentic-patterns.md), and those untrusted open-web results are ingested into the automatic agentic tool loop (tool_result → added to messages → LLM called again), allowing third-party content to materially influence subsequent tool calls and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly describes USDC-based payments on Solana, wallet-based authentication (wallet nonce endpoints / Solana wallet auth), finance endpoints, billing webhook, and account balances/tiers — i.e., platform-level billing and crypto payment functionality. These are specific crypto/payment features (wallets/payments/billing) rather than generic tooling, and therefore constitute direct financial execution capability.