cancel-task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly uses the OpenAnt CLI to fetch task data (e.g., npx @openant-ai/cli tasks get <taskId> --json and tasks settlement) and instructs the agent to read task titles, statuses and submissions (user-generated content) to decide whether to cancel, so untrusted third-party content from the OpenAnt marketplace can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs the runtime command "npx @openant-ai/cli@latest", which causes npx to fetch and execute remote npm package code from the registry at runtime, so this external package fetch executes remote code and is a required dependency for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain escrow refunds via the OpenAnt CLI: it instructs the agent to run npx @openant-ai/cli tasks cancel <taskId> which "triggers an on-chain refund of the escrowed tokens back to your wallet" and to verify settlement (mentions Solana indexer and onChain refund status). This is a specific crypto/blockchain financial operation that moves funds (refunds escrow), not a generic tool, so it grants direct financial execution capability.