gigaverse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes insecure patterns (CLI import with "0x..." key, manual auth examples embedding a signature/address in a JSON POST, and explicit files with private keys/JWTs used in curl Authorization headers) which can require the LLM to output secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). Yes — the skill routinely calls the public Gigaverse API (e.g., https://gigaverse.io/api/game/dungeon/state, /offchain/gameitems, /offchain/static, /indexer/player/gameitems/{address}, /indexer/usernameAvailable/…) and parses/displays dynamic game data (usernames, loot descriptions, inventory/faction data) from the open API as part of its runtime workflow, which can include user-controlled/untrusted content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements crypto/blockchain financial operations: it includes wallet generation/import, storage of private keys, signing (SIWE) for auth, on-chain actions (minting a Noob), a contract address, and explicit purchase flows/prices for the GigaJuice subscription in ETH. These are specific crypto/payment capabilities (wallets, signing, on-chain purchases), not generic tooling, so it grants direct financial execution authority.