create-task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to run the OpenAnt CLI (e.g., npx @openant-ai/cli@latest tasks list --mine --role creator --json) and to read/interpret returned task data from the OpenAnt platform (user-generated third-party content) to decide whether to retry create/fund operations, so that untrusted task descriptions/statuses can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill repeatedly instructs running the external CLI via "npx @openant-ai/cli@latest", which will fetch and execute remote npm package code at runtime and is required for the skill to operate, so it is a runtime external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and fund crypto bounties and escrow transactions. It includes CLI commands that build, sign (via Turnkey), and send on-chain transactions (Solana/EVM), commands to fund tasks later (sends on-chain tx), and wallet balance checks. These are specific crypto transaction/wallet operations (signing/sending on-chain escrow), not generic tooling, so it grants direct financial execution capability.